diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b5110e08..4f267c96 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,4 +1,6 @@ +--- version: 2 + updates: - package-ecosystem: github-actions directory: / @@ -10,18 +12,10 @@ updates: interval: daily ignore: - dependency-name: k8s.io/api - update-types: - - version-update:semver-major - - version-update:semver-minor + update-types: [version-update:semver-major, version-update:semver-minor] - dependency-name: k8s.io/apimachinery - update-types: - - version-update:semver-major - - version-update:semver-minor + update-types: [version-update:semver-major, version-update:semver-minor] - dependency-name: k8s.io/client-go - update-types: - - version-update:semver-major - - version-update:semver-minor + update-types: [version-update:semver-major, version-update:semver-minor] - dependency-name: sigs.k8s.io/controller-runtime - update-types: - - version-update:semver-major - - version-update:semver-minor + update-types: [version-update:semver-major, version-update:semver-minor] diff --git a/.github/sync.yml b/.github/sync.yml index 988b9582..93e937a7 100644 --- a/.github/sync.yml +++ b/.github/sync.yml @@ -1,3 +1,4 @@ +--- aiven/aiven-charts: - source: charts/aiven-operator/ dest: charts/aiven-operator/ diff --git a/.github/workflows/force-sync-charts.yml b/.github/workflows/force-sync-charts.yml index 8f75b4d8..6aaa3205 100644 --- a/.github/workflows/force-sync-charts.yml +++ b/.github/workflows/force-sync-charts.yml @@ -1,3 +1,4 @@ +--- name: force sync charts on: @@ -12,4 +13,4 @@ jobs: - uses: BetaHuhn/repo-file-sync-action@v1 with: GH_PAT: ${{ secrets.AIVEN_CI_PAT__VALID_WHILE_ALEKS_IS_EMPLOYED }} - COMMIT_PREFIX: "chore:" + COMMIT_PREFIX: 'chore:' diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml index f60ed8e9..183946c5 100644 --- a/.github/workflows/generate.yml +++ b/.github/workflows/generate.yml @@ -1,3 +1,4 @@ +--- name: generate files on: @@ -25,4 +26,4 @@ jobs: run: make generate - uses: stefanzweifel/git-auto-commit-action@v5 with: - commit_message: "chore(userconfigs): generate files" + commit_message: 'chore(userconfigs): generate files' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e447058f..2599c1e6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,33 +1,24 @@ +--- name: lint on: push: - branches: - - main + branches: [main] pull_request: - branches: - - main + branches: [main] jobs: - commitlint: + pre-commit: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - uses: actions/setup-python@v3 + - uses: actions/setup-go@v4 with: - fetch-depth: 0 - - uses: wagoid/commitlint-github-action@v5 - golang_ci_linter: - name: golang_ci_linter - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 - with: - version: latest + go-version: 1.21.x + - name: Install dependencies + run: go get . + - uses: pre-commit/action@v3.0.0 codeql_analysis: runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 7bbcb87e..2636ee9c 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -1,10 +1,10 @@ +--- name: pages on: workflow_dispatch: {} push: - tags: - - v* + tags: [v*] jobs: release_pages: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 069e4e90..1edfd258 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,9 +1,9 @@ +--- name: release on: push: - tags: - - v* + tags: [v*] jobs: build_default_release_manifest: @@ -55,9 +55,7 @@ jobs: build-args: | VERSION=${{ steps.action_vars.outputs.tag }} sync-charts: - needs: - - build_default_release_manifest - - build_and_push_docker_image + needs: [build_default_release_manifest, build_and_push_docker_image] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a21a1782..5447db26 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,3 +1,4 @@ +--- name: tests on: @@ -8,8 +9,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - k8s-version: - - 1.24.10 + k8s-version: [1.24.10] steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 diff --git a/.golangci.yml b/.golangci.yml index a2c611b4..4e7e16ac 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,20 +1,15 @@ +--- issues: exclude-rules: - path: _test\.go - linters: - - dupl - - gosec - - goconst - - golint + linters: [dupl, gosec, goconst, golint] text: underscore - - linters: - - gomnd - text: "mnd: Magic number: 0644" + - linters: [gomnd] + text: 'mnd: Magic number: 0644' linters: disable-all: true enable: - - deadcode - errcheck - gofmt - gosimple @@ -24,14 +19,11 @@ linters: - staticcheck - unconvert - unused - - varcheck - vet - goimports - gomnd run: timeout: 10m - skip-dirs: - - hack - skip-files: - - api/v1alpha1/zz_generated.deepcopy.go + skip-dirs: [hack] + skip-files: [api/v1alpha1/zz_generated.deepcopy.go] diff --git a/.markdownlint.jsonc b/.markdownlint.jsonc new file mode 100644 index 00000000..c7e8b9d0 --- /dev/null +++ b/.markdownlint.jsonc @@ -0,0 +1,15 @@ +{ + // mkdocs code blocks inside admonitions trip this rule + "code-block-style": false, + // allow inline html + "no-inline-html": false, + // allow using **emphasis** as heading + "no-emphasis-as-heading": false, + // don't care about line length + "line-length": false, + // mkdocs admonitions and links aren't supported https://github.com/DavidAnson/markdownlint/issues/207 + "link-fragments": false, + // mkdocs renders link titles from YAML frontmatter and renders the content + // title from the first title specified with "#" + "single-title": false +} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..8195dfcb --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,41 @@ +--- +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: end-of-file-fixer + - id: trailing-whitespace + - id: mixed-line-ending + - id: check-executables-have-shebangs + - id: check-merge-conflict + - id: fix-byte-order-marker + - id: pretty-format-json + - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook + rev: v9.10.0 + hooks: + - id: commitlint + stages: [commit-msg] + additional_dependencies: ['@commitlint/config-conventional'] + - repo: https://github.com/lyz-code/yamlfix + rev: 1.16.0 + hooks: + - id: yamlfix + exclude: | + (?x)^( + charts/(aiven-operator|aiven-operator-crds)/templates/.*.yaml| + charts/aiven-operator-crds/values.yaml + )$ + args: [--config-file, yamlfix.toml] + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.38.0 + hooks: + - id: markdownlint + args: [--fix] + - repo: https://github.com/codespell-project/codespell + rev: v2.2.6 + hooks: + - id: codespell + - repo: https://github.com/golangci/golangci-lint + rev: v1.55.2 + hooks: + - id: golangci-lint-full diff --git a/CHANGELOG.md b/CHANGELOG.md index dbafefd7..fc713a82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,10 +7,10 @@ ## v0.16.1 - 2023-12-15 -- Check VPC for running services before deletion. Prevents VPC from hanging in the DELETING state +- Check VPC for running services before deletion. Prevents VPC from hanging in the DELETING state - Expose `KAFKA_SCHEMA_REGISTRY_URI` and `KAFKA_REST_URI` to `Kafka` secret - Expose `CONNECTIONPOOL_NAME` in `ConnectionPool` secret -- Fix `CONNECTIONPOOL_PORT` exposes service port instead of pool port +- Fix `CONNECTIONPOOL_PORT` exposes service port instead of pool port - Fix `SERVICEUSER_PORT` when `sasl` is the only authentication method - Change `PostgreSQL` field `userConfig.pg_qualstats.enabled`: deprecated - Change `PostgreSQL` field `userConfig.pg_qualstats.min_err_estimate_num`: deprecated @@ -21,7 +21,7 @@ ## v0.16.0 - 2023-12-07 - Set conditions on errors: `Preconditions`, `CreateOrUpdate`, `Delete`. Thanks to @atarax -- Fix object updates lost when reconciler exits before the object is committed +- Fix object updates lost when reconciler exits before the object is committed - Add `Kafka` field `userConfig.kafka.transaction_partition_verification_enable`, type `boolean`: Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition @@ -53,7 +53,7 @@ - Upgrade to Go 1.21 - Add option to orphan resources. Thanks to @atarax -- Fix `ServiceIntegration`: do not send empty user config to the API +- Fix `ServiceIntegration`: do not send empty user config to the API - Add a format for `string` type fields to the documentation - Generate CRDs changelog - Add `Clickhouse` field `userConfig.private_access.clickhouse_mysql`, type `boolean`: Allow clients @@ -110,7 +110,7 @@ - Add `Kafka` spec property `scheduled_rebalance_max_delay_ms` - Mark deprecated `Kafka` spec property `remote_log_storage_system_enable` - Add `KafkaConnect` spec property `scheduled_rebalance_max_delay_ms` -- Add `OpenSearch` spec property `openid` +- Add `OpenSearch` spec property `openid` - Use updated go client with enhanced retries ## v0.12.3 - 2023-07-13 @@ -139,7 +139,6 @@ - Add `OpenSearch.spec.userConfig.idp_pemtrustedcas_content` option. Specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. - ## v0.11.0 - 2023-04-25 - Add `ServiceIntegration` kind `SourceProjectName` and `DestinationProjectName` fields @@ -158,16 +157,16 @@ - Add `minumim`, `maximum` validations for `number` type - Move helm charts to the operator repository - Add helm charts generator -- Remove `ip_filter` backward compatability +- Remove `ip_filter` backward compatibility - Fix deletion errors omitted - Add service integration `clickhouseKafka.tables.data_format-property` enum `RawBLOB` value - Update OpenSearch `userConfig.opensearch.email_sender_username` validation pattern - Add Kafka `log_cleaner_min_cleanable_ratio` minimum and maximum validation rules - Remove Kafka version `3.2`, reached EOL - Remove PostgreSQL version `10`, reached EOL -- Explicitly delete `ProjectVPC` by `ID` to avoid conflicts +- Explicitly delete `ProjectVPC` by `ID` to avoid conflicts - Speed up `ProjectVPC` deletion by exiting on `DELETING` status -- Fix missing RBAC permissions to update finalizers for various controllers +- Fix missing RBAC permissions to update finalizers for various controllers - Refactor `ClickhouseUser` controller - Mark `ClickhouseUser.spec.project` and `ClickhouseUser.spec.serviceName` as immutable - Remove deprecated service integration type `signalfx` @@ -206,7 +205,7 @@ as native [CRD validation rules](https://kubernetes.io/blog/2022/09/23/crd-valid - Add Cassandra Kind - Add Grafana Kind -- Recreate Kafka ACL if modified. +- Recreate Kafka ACL if modified. Note: Modification of ACL created prior to v0.5.1 won't delete existing instance at Aiven. It must be deleted manually. - Fix MySQL webhook @@ -216,7 +215,7 @@ as native [CRD validation rules](https://kubernetes.io/blog/2022/09/23/crd-valid - Remove `never` from choices of maintenance dow - Add `development` flag to configure logger's behavior - Add user config generator (see `make generate-user-configs`) -- Add `genericServiceHandler` to generalize service management +- Add `genericServiceHandler` to generalize service management - Add MySQL Kind ## v0.5.2 - 2022-12-09 @@ -246,23 +245,29 @@ as native [CRD validation rules](https://kubernetes.io/blog/2022/09/23/crd-valid ## v0.2.0 - 2021-11-17 features: -* add Redis CRD + +- add Redis CRD improvements: -* watch CRDs to reconcile token secrets + +- watch CRDs to reconcile token secrets fixes: -* fix RBACs of KafkaACL CRD + +- fix RBACs of KafkaACL CRD ## v0.1.1 - 2021-09-13 improvements: -* update helm installation docs + +- update helm installation docs fixes: -* fix typo in a kafka-connector kuttl test + +- fix typo in a kafka-connector kuttl test ## v0.1.0 - 2021-09-10 features: -* initial release + +- initial release diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index c08a5524..e4901a4b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -60,7 +60,7 @@ representative at an online or offline event. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at -opensource@aiven.io. +. All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the @@ -116,7 +116,7 @@ the community. This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. +. Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). @@ -124,5 +124,5 @@ enforcement ladder](https://github.com/mozilla/diversity). [homepage]: https://www.contributor-covenant.org For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. +. Translations are available at +. diff --git a/README.md b/README.md index 1e0107d1..d1d58b04 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,17 @@ # Aiven Operator + Provision and manage [Aiven Services](https://aiven.io/) from your Kubernetes cluster. See the full documentation [here](https://aiven.github.io/aiven-operator/). ## Installation -To install the Operator, please follow the [installation instructions](https://aiven.github.io/aiven-operator/installation/helm.html). +To install the Operator, please follow the [installation instructions](https://aiven.github.io/aiven-operator/installation/helm.html). ## Deploying PostgreSQL at Aiven + Now let's create a `PostgreSQL` resource with the following YAML – please fill in your project name under in the `project` field: + ```yaml apiVersion: aiven.io/v1alpha1 kind: PostgreSQL @@ -35,22 +38,27 @@ spec: ``` Watch the resource being created and wait until its status is `RUNNING`: + ```bash -$ watch kubectl get postgresql.aiven.io aiven-pg +watch kubectl get postgresql.aiven.io aiven-pg ``` After created, the Operator will create a Kubernetes Secret containing the PostgreSQL connection information: + ```bash -$ kubectl describe secret pg-connection +kubectl describe secret pg-connection ``` Use the following [jq](https://github.com/stedolan/jq) command to decode the Secret: + ```bash -$ kubectl get secret pg-connection -o json | jq '.data | map_values(@base64d)' +kubectl get secret pg-connection -o json | jq '.data | map_values(@base64d)' ``` ## Connecting to PostgreSQL + Let's run a `psql` command to test the database connection using the generated Secret: + ```yaml apiVersion: v1 kind: Pod @@ -68,16 +76,19 @@ spec: ``` The Pod should the PostgreSQL version. You can verify with the following command: + ```bash $ kubectl logs psql-test-connection - version + version --------------------------------------------------------------------------------------------- PostgreSQL 11.12 on x86_64-pc-linux-gnu, compiled by gcc, a 68c5366192 p 6b9244f01a, 64-bit (1 row) ``` ## Contributing + We welcome and encourage contributions to this project. Please take a look at our [Contribution guide line](https://aiven.github.io/aiven-operator/contributing/index.html). ## License + [Apache 2](LICENSE). diff --git a/charts/aiven-operator-crds/Chart.yaml b/charts/aiven-operator-crds/Chart.yaml index 40dd6a6d..fe805ce5 100644 --- a/charts/aiven-operator-crds/Chart.yaml +++ b/charts/aiven-operator-crds/Chart.yaml @@ -1,9 +1,11 @@ +--- apiVersion: v2 name: aiven-operator-crds description: A Helm chart to deploy the aiven operator custom resource definitions type: application version: v0.16.1 appVersion: v0.16.1 + maintainers: - name: ivan-savciuc url: https://www.aiven.io diff --git a/charts/aiven-operator/Chart.yaml b/charts/aiven-operator/Chart.yaml index 0d991cba..3d3dcc7c 100644 --- a/charts/aiven-operator/Chart.yaml +++ b/charts/aiven-operator/Chart.yaml @@ -1,9 +1,11 @@ +--- apiVersion: v2 name: aiven-operator description: A Helm chart to deploy the aiven operator type: application version: v0.16.1 appVersion: v0.16.1 + maintainers: - name: ivan-savciuc url: https://www.aiven.io diff --git a/charts/aiven-operator/ci/test-values.yaml b/charts/aiven-operator/ci/test-values.yaml index 55f3ea13..7305a31d 100644 --- a/charts/aiven-operator/ci/test-values.yaml +++ b/charts/aiven-operator/ci/test-values.yaml @@ -1,2 +1,3 @@ +--- webhooks: enabled: false diff --git a/charts/aiven-operator/templates/ensure_cert_manager_if_webhooks_are_enabled.yaml b/charts/aiven-operator/templates/ensure_cert_manager_if_webhooks_are_enabled.yaml index 191487dd..30cdf989 100644 --- a/charts/aiven-operator/templates/ensure_cert_manager_if_webhooks_are_enabled.yaml +++ b/charts/aiven-operator/templates/ensure_cert_manager_if_webhooks_are_enabled.yaml @@ -7,4 +7,3 @@ {{ end }} {{ end }} - diff --git a/charts/aiven-operator/values.yaml b/charts/aiven-operator/values.yaml index b63d30c5..df0f03b3 100644 --- a/charts/aiven-operator/values.yaml +++ b/charts/aiven-operator/values.yaml @@ -1,13 +1,14 @@ +--- # Default values for aiven-operator. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 -nameOverride: "" -fullnameOverride: "" -metricsBindAddress: "" -healthProbeBindAddress: "" +nameOverride: '' +fullnameOverride: '' +metricsBindAddress: '' +healthProbeBindAddress: '' leaderElect: true # Default Aiven Token secret @@ -15,8 +16,8 @@ leaderElect: true # It is expected to be in the same namespace where the Aiven # operator will be installed and should contain a valid Aiven API Token. defaultTokenSecret: - name: "" - key: "token" + name: '' + key: token # webhhook configuration webhooks: @@ -30,8 +31,8 @@ webhooks: image: repository: aivenoy/aiven-operator pullPolicy: IfNotPresent - # default is .Chart.AppVersion but can be overriden here - tag: "" + # default is .Chart.AppVersion but can be overridden here + tag: '' imagePullSecrets: [] @@ -42,7 +43,7 @@ serviceAccount: annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template - name: "" + name: '' resources: limits: diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml index 52d86618..0d0bc85e 100644 --- a/config/certmanager/certificate.yaml +++ b/config/certmanager/certificate.yaml @@ -1,25 +1,31 @@ +--- # The following manifests contain a self-signed issuer CR and a certificate CR. # More document can be found at https://docs.cert-manager.io # WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. apiVersion: cert-manager.io/v1 kind: Issuer + metadata: name: selfsigned-issuer namespace: system + spec: selfSigned: {} + --- apiVersion: cert-manager.io/v1 kind: Certificate + metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml namespace: system + spec: # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer - secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize + secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml index bebea5a5..f9c51d08 100644 --- a/config/certmanager/kustomization.yaml +++ b/config/certmanager/kustomization.yaml @@ -1,5 +1,4 @@ -resources: -- certificate.yaml +--- +resources: [certificate.yaml] -configurations: -- kustomizeconfig.yaml +configurations: [kustomizeconfig.yaml] diff --git a/config/certmanager/kustomizeconfig.yaml b/config/certmanager/kustomizeconfig.yaml index 90d7c313..80bde928 100644 --- a/config/certmanager/kustomizeconfig.yaml +++ b/config/certmanager/kustomizeconfig.yaml @@ -1,16 +1,17 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution +--- +# This configuration is for teaching kustomize how to update name ref and var substitution nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate + - kind: Issuer group: cert-manager.io - path: spec/issuerRef/name + fieldSpecs: + - kind: Certificate + group: cert-manager.io + path: spec/issuerRef/name varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames + - kind: Certificate + group: cert-manager.io + path: spec/commonName + - kind: Certificate + group: cert-manager.io + path: spec/dnsNames diff --git a/config/crd/bases/aiven.io_cassandras.yaml b/config/crd/bases/aiven.io_cassandras.yaml index b92c2e97..57a23925 100644 --- a/config/crd/bases/aiven.io_cassandras.yaml +++ b/config/crd/bases/aiven.io_cassandras.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: cassandras.aiven.io + spec: group: aiven.io names: @@ -15,381 +17,366 @@ spec: singular: cassandra scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Region - type: string - - jsonPath: .spec.plan - name: Plan - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Cassandra is the Schema for the cassandras API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CassandraSpec defines the desired state of Cassandra - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, - `CASSANDRA_URI`, `CASSANDRA_HOSTS`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Cassandra is the Schema for the cassandras API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CassandraSpec defines the desired state of Cassandra + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - integrationType: - enum: - - read_replica + key: + minLength: 1 type: string - sourceServiceName: - maxLength: 64 + name: minLength: 1 type: string - required: - - integrationType - - sourceServiceName + required: [key, name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: Cassandra specific user configuration options - properties: - additional_backup_regions: - description: Deprecated. Additional Cloud Regions for Backup Replication - items: - type: string - maxItems: 1 - type: array - backup_hour: - description: The hour of day (in UTC) when backup for the service - is started. New backup is only started if previous backup has - already completed. - maximum: 23 - minimum: 0 - type: integer - backup_minute: - description: The minute of an hour when backup for the service - is started. New backup is only started if previous backup has - already completed. - maximum: 59 - minimum: 0 - type: integer - cassandra: - description: cassandra configuration values - properties: - batch_size_fail_threshold_in_kb: - description: Fail any multiple-partition batch exceeding this - value. 50kb (10x warn threshold) by default. - maximum: 1000000 - minimum: 1 - type: integer - batch_size_warn_threshold_in_kb: - description: Log a warning message on any multiple-partition - batch size exceeding this value.5kb per batch by default.Caution - should be taken on increasing the size of this thresholdas - it can lead to node instability. - maximum: 1000000 - minimum: 1 - type: integer - datacenter: - description: Name of the datacenter to which nodes of this - service belong. Can be set only when creating the service. - maxLength: 128 + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, + `CASSANDRA_URI`, `CASSANDRA_HOSTS`' + properties: + annotations: + additionalProperties: type: string - type: object - cassandra_version: - description: Cassandra major version - enum: - - "4" - - "3" - type: string - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field - properties: - description: - description: Description for IP filter list entry - maxLength: 1024 - type: string - network: - description: CIDR address block - maxLength: 43 - type: string - required: - - network + description: Annotations added to the secret type: object - maxItems: 1024 - type: array - migrate_sstableloader: - description: Sets the service into migration mode enabling the - sstableloader utility to be used to upload Cassandra data files. - Available only on service create. - type: boolean - private_access: - description: Allow access to selected service ports from private - networks - properties: - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - x-kubernetes-validations: + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name + type: string + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. + type: string + required: [name] + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - public_access: - description: Allow access to selected service ports from the public - Internet + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation properties: - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean + integrationType: + enum: [read_replica] + type: string + sourceServiceName: + maxLength: 64 + minLength: 1 + type: string + required: [integrationType, sourceServiceName] type: object - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 64 - type: string - x-kubernetes-validations: + maxItems: 1 + type: array + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - service_to_join_with: - description: When bootstrapping, instead of creating a new Cassandra - cluster try to join an existing one from another service. Can - only be set on service creation. - maxLength: 64 + tags: + additionalProperties: type: string - static_ips: - description: Use static public IP addresses - type: boolean - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: Cassandra specific user configuration options properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 + additional_backup_regions: + description: Deprecated. Additional Cloud Regions for Backup + Replication + items: + type: string + maxItems: 1 + type: array + backup_hour: + description: The hour of day (in UTC) when backup for the service + is started. New backup is only started if previous backup + has already completed. + maximum: 23 minimum: 0 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + backup_minute: + description: The minute of an hour when backup for the service + is started. New backup is only started if previous backup + has already completed. + maximum: 59 + minimum: 0 + type: integer + cassandra: + description: cassandra configuration values + properties: + batch_size_fail_threshold_in_kb: + description: Fail any multiple-partition batch exceeding + this value. 50kb (10x warn threshold) by default. + maximum: 1000000 + minimum: 1 + type: integer + batch_size_warn_threshold_in_kb: + description: Log a warning message on any multiple-partition + batch size exceeding this value.5kb per batch by default.Caution + should be taken on increasing the size of this thresholdas + it can lead to node instability. + maximum: 1000000 + minimum: 1 + type: integer + datacenter: + description: Name of the datacenter to which nodes of this + service belong. Can be set only when creating the service. + maxLength: 128 + type: string + type: object + cassandra_version: + description: Cassandra major version + enum: ['4', '3'] type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + migrate_sstableloader: + description: Sets the service into migration mode enabling the + sstableloader utility to be used to upload Cassandra data + files. Available only on service create. + type: boolean + private_access: + description: Allow access to selected service ports from private + networks + properties: + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 64 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + service_to_join_with: + description: When bootstrapping, instead of creating a new Cassandra + cluster try to join an existing one from another service. + Can only be set on service creation. + maxLength: 64 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + static_ips: + description: Use static public IP addresses + type: boolean type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_clickhouses.yaml b/config/crd/bases/aiven.io_clickhouses.yaml index 6fbd5c4e..ec02f7ad 100644 --- a/config/crd/bases/aiven.io_clickhouses.yaml +++ b/config/crd/bases/aiven.io_clickhouses.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: clickhouses.aiven.io + spec: group: aiven.io names: @@ -15,360 +17,348 @@ spec: singular: clickhouse scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Clickhouse is the Schema for the clickhouses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClickhouseSpec defines the desired state of Clickhouse - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Clickhouse is the Schema for the clickhouses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClickhouseSpec defines the desired state of Clickhouse + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - integrationType: - enum: - - read_replica + key: + minLength: 1 type: string - sourceServiceName: - maxLength: 64 + name: minLength: 1 type: string - required: - - integrationType - - sourceServiceName + required: [key, name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: OpenSearch specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: - type: string - maxItems: 1 - type: array - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field - properties: - description: - description: Description for IP filter list entry - maxLength: 1024 - type: string - network: - description: CIDR address block - maxLength: 43 - type: string - required: - - network + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`' + properties: + annotations: + additionalProperties: + type: string + description: Annotations added to the secret type: object - maxItems: 1024 - type: array - private_access: - description: Allow access to selected service ports from private - networks - properties: - clickhouse: - description: Allow clients to connect to clickhouse with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - clickhouse_https: - description: Allow clients to connect to clickhouse_https - with a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - clickhouse_mysql: - description: Allow clients to connect to clickhouse_mysql - with a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - clickhouse: - description: Enable clickhouse - type: boolean - clickhouse_https: - description: Enable clickhouse_https - type: boolean - clickhouse_mysql: - description: Enable clickhouse_mysql - type: boolean - prometheus: - description: Enable prometheus - type: boolean - type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - x-kubernetes-validations: + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name + type: string + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. + type: string + required: [name] + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - public_access: - description: Allow access to selected service ports from the public - Internet + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation properties: - clickhouse: - description: Allow clients to connect to clickhouse from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - clickhouse_https: - description: Allow clients to connect to clickhouse_https - from the public internet for service nodes that are in a - project VPC or another type of private network - type: boolean - clickhouse_mysql: - description: Allow clients to connect to clickhouse_mysql - from the public internet for service nodes that are in a - project VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean + integrationType: + enum: [read_replica] + type: string + sourceServiceName: + maxLength: 64 + minLength: 1 + type: string + required: [integrationType, sourceServiceName] type: object - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 64 - type: string - x-kubernetes-validations: + maxItems: 1 + type: array + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - static_ips: - description: Use static public IP addresses - type: boolean - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: OpenSearch specific user configuration options properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + private_access: + description: Allow access to selected service ports from private + networks + properties: + clickhouse: + description: Allow clients to connect to clickhouse with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + clickhouse_https: + description: Allow clients to connect to clickhouse_https + with a DNS name that always resolves to the service's + private IP addresses. Only available in certain network + locations + type: boolean + clickhouse_mysql: + description: Allow clients to connect to clickhouse_mysql + with a DNS name that always resolves to the service's + private IP addresses. Only available in certain network + locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + clickhouse: + description: Enable clickhouse + type: boolean + clickhouse_https: + description: Enable clickhouse_https + type: boolean + clickhouse_mysql: + description: Enable clickhouse_mysql + type: boolean + prometheus: + description: Enable prometheus + type: boolean + type: object + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + clickhouse: + description: Allow clients to connect to clickhouse from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + clickhouse_https: + description: Allow clients to connect to clickhouse_https + from the public internet for service nodes that are in + a project VPC or another type of private network + type: boolean + clickhouse_mysql: + description: Allow clients to connect to clickhouse_mysql + from the public internet for service nodes that are in + a project VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 64 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + static_ips: + description: Use static public IP addresses + type: boolean type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_clickhouseusers.yaml b/config/crd/bases/aiven.io_clickhouseusers.yaml index d28df3a9..53971b00 100644 --- a/config/crd/bases/aiven.io_clickhouseusers.yaml +++ b/config/crd/bases/aiven.io_clickhouseusers.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: clickhouseusers.aiven.io + spec: group: aiven.io names: @@ -15,179 +17,167 @@ spec: singular: clickhouseuser scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.connInfoSecretTarget.name - name: Connection Information Secret - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClickhouseUser is the Schema for the clickhouseusers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClickhouseUserSpec defines the desired state of ClickhouseUser - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `CLICKHOUSEUSER_HOST`, `CLICKHOUSEUSER_PORT`, `CLICKHOUSEUSER_USER`, - `CLICKHOUSEUSER_PASSWORD`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - project: - description: Project to link the user to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - serviceName: - description: Service to link the user to - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - required: - - project - - serviceName - type: object - status: - description: ClickhouseUserStatus defines the observed state of ClickhouseUser - properties: - conditions: - description: Conditions represent the latest available observations - of an ClickhouseUser state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.connInfoSecretTarget.name + name: Connection Information Secret + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClickhouseUser is the Schema for the clickhouseusers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClickhouseUserSpec defines the desired state of ClickhouseUser + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + key: + minLength: 1 type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + name: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + required: [key, name] + type: object + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `CLICKHOUSEUSER_HOST`, `CLICKHOUSEUSER_PORT`, `CLICKHOUSEUSER_USER`, + `CLICKHOUSEUSER_PASSWORD`' + properties: + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [name] type: object - type: array - uuid: - description: Clickhouse user UUID - type: string - required: - - conditions - - uuid - type: object - type: object - served: true - storage: true - subresources: - status: {} + project: + description: Project to link the user to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + serviceName: + description: Service to link the user to + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + required: [project, serviceName] + type: object + status: + description: ClickhouseUserStatus defines the observed state of ClickhouseUser + properties: + conditions: + description: Conditions represent the latest available observations + of an ClickhouseUser state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + uuid: + description: Clickhouse user UUID + type: string + required: [conditions, uuid] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_connectionpools.yaml b/config/crd/bases/aiven.io_connectionpools.yaml index f8b3d439..f7eb428b 100644 --- a/config/crd/bases/aiven.io_connectionpools.yaml +++ b/config/crd/bases/aiven.io_connectionpools.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: connectionpools.aiven.io + spec: group: aiven.io names: @@ -15,200 +17,184 @@ spec: singular: connectionpool scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.databaseName - name: Database - type: string - - jsonPath: .spec.username - name: Username - type: string - - jsonPath: .spec.poolSize - name: Pool Size - type: string - - jsonPath: .spec.poolMode - name: Pool Mode - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ConnectionPool is the Schema for the connectionpools API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConnectionPoolSpec defines the desired state of ConnectionPool - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, - `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, - `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - databaseName: - description: Name of the database the pool connects to - maxLength: 40 - type: string - poolMode: - description: Mode the pool operates in (session, transaction, statement) - enum: - - session - - transaction - - statement - type: string - poolSize: - description: Number of connections the pool may create towards the - backend server - type: integer - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - serviceName: - description: Service name. - maxLength: 63 - type: string - username: - description: Name of the service user used to connect to the database - maxLength: 64 - type: string - required: - - databaseName - - project - - serviceName - - username - type: object - status: - description: ConnectionPoolStatus defines the observed state of ConnectionPool - properties: - conditions: - description: Conditions represent the latest available observations - of an ConnectionPool state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.databaseName + name: Database + type: string + - jsonPath: .spec.username + name: Username + type: string + - jsonPath: .spec.poolSize + name: Pool Size + type: string + - jsonPath: .spec.poolMode + name: Pool Mode + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ConnectionPool is the Schema for the connectionpools API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectionPoolSpec defines the desired state of ConnectionPool + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + key: + minLength: 1 type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + name: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + required: [key, name] + type: object + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, + `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, + `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`' + properties: + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [name] type: object - type: array - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} + databaseName: + description: Name of the database the pool connects to + maxLength: 40 + type: string + poolMode: + description: Mode the pool operates in (session, transaction, statement) + enum: [session, transaction, statement] + type: string + poolSize: + description: Number of connections the pool may create towards the + backend server + type: integer + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + serviceName: + description: Service name. + maxLength: 63 + type: string + username: + description: Name of the service user used to connect to the database + maxLength: 64 + type: string + required: [databaseName, project, serviceName, username] + type: object + status: + description: ConnectionPoolStatus defines the observed state of ConnectionPool + properties: + conditions: + description: Conditions represent the latest available observations + of an ConnectionPool state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + required: [conditions] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_crd-all.gen.yaml b/config/crd/bases/aiven.io_crd-all.gen.yaml index 66371143..f912d71f 100644 --- a/config/crd/bases/aiven.io_crd-all.gen.yaml +++ b/config/crd/bases/aiven.io_crd-all.gen.yaml @@ -1,12 +1,13 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: opensearches.aiven.io + spec: group: aiven.io names: @@ -16,588 +17,588 @@ spec: singular: opensearch scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: OpenSearch is the Schema for the opensearches API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OpenSearchSpec defines the desired state of OpenSearch - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: Information regarding secret creation - properties: - name: - description: Name of the Secret resource to be created - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - - never - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - tags: - additionalProperties: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OpenSearch is the Schema for the opensearches API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OpenSearchSpec defines the desired state of OpenSearch + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + required: [key, name] + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: OpenSearch specific user configuration options - properties: - custom_domain: - description: Custom domain Serve the web frontend using a custom - CNAME pointing to the Aiven DNS name - maxLength: 255 + connInfoSecretTarget: + description: Information regarding secret creation + properties: + name: + description: Name of the Secret resource to be created + type: string + required: [name] + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + - never + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + tags: + additionalProperties: type: string - disable_replication_factor_adjustment: - description: 'Disable replication factor adjustment DEPRECATED: - Disable automatic replication factor adjustment for multi-node - services. By default, Aiven ensures all indexes are replicated - at least to two nodes. Note: Due to potential data loss in case - of losing a service node, this setting can no longer be activated.' - type: boolean - index_patterns: - description: 'Allows you to create glob style patterns and set - a max number of indexes matching this pattern you want to keep. - Creating indexes exceeding this value will cause the oldest - one to get deleted. You could for example create a pattern looking - like ''logs.?'' and then create index logs.1, logs.2 etc, it - will delete logs.1 once you create logs.6. Do note ''logs.?'' - does not apply to logs.10. Note: Setting max_index_count to - 0 will do nothing and the pattern gets ignored.' - items: + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: OpenSearch specific user configuration options + properties: + custom_domain: + description: Custom domain Serve the web frontend using a custom + CNAME pointing to the Aiven DNS name + maxLength: 255 + type: string + disable_replication_factor_adjustment: + description: 'Disable replication factor adjustment DEPRECATED: + Disable automatic replication factor adjustment for multi-node + services. By default, Aiven ensures all indexes are replicated + at least to two nodes. Note: Due to potential data loss in + case of losing a service node, this setting can no longer + be activated.' + type: boolean + index_patterns: + description: "Allows you to create glob style patterns and set\ + \ a max number of indexes matching this pattern you want to\ + \ keep. Creating indexes exceeding this value will cause the\ + \ oldest one to get deleted. You could for example create\ + \ a pattern looking like 'logs.?' and then create index logs.1,\ + \ logs.2 etc, it will delete logs.1 once you create logs.6.\ + \ Do note 'logs.?' does not apply to logs.10. Note: Setting\ + \ max_index_count to 0 will do nothing and the pattern gets\ + \ ignored." + items: + properties: + max_index_count: + description: Maximum number of indexes to keep + format: int64 + minimum: 0 + type: integer + pattern: + description: Must consist of alphanumeric characters, + dashes, underscores, dots and glob characters (* and + ?) + maxLength: 1024 + type: string + type: object + type: array + index_template: + description: Template settings for all new indexes properties: - max_index_count: - description: Maximum number of indexes to keep + mapping_nested_objects_limit: + description: index.mapping.nested_objects.limit The maximum + number of nested JSON objects that a single document can + contain across all nested types. This limit helps to prevent + out of memory errors when a document contains too many + nested objects. Default is 10000. format: int64 + maximum: 100000 minimum: 0 type: integer - pattern: - description: Must consist of alpha-numeric characters, dashes, - underscores, dots and glob characters (* and ?) - maxLength: 1024 - type: string + number_of_replicas: + description: index.number_of_replicas The number of replicas + each primary shard has. + format: int64 + maximum: 29 + minimum: 0 + type: integer + number_of_shards: + description: index.number_of_shards The number of primary + shards that an index should have. + format: int64 + maximum: 1024 + minimum: 1 + type: integer type: object - type: array - index_template: - description: Template settings for all new indexes - properties: - mapping_nested_objects_limit: - description: index.mapping.nested_objects.limit The maximum - number of nested JSON objects that a single document can - contain across all nested types. This limit helps to prevent - out of memory errors when a document contains too many nested - objects. Default is 10000. - format: int64 - maximum: 100000 - minimum: 0 - type: integer - number_of_replicas: - description: index.number_of_replicas The number of replicas - each primary shard has. - format: int64 - maximum: 29 - minimum: 0 - type: integer - number_of_shards: - description: index.number_of_shards The number of primary - shards that an index should have. - format: int64 - maximum: 1024 - minimum: 1 - type: integer - type: object - ip_filter: - description: 'Glob pattern and number of indexes matching that - pattern to be kept Allows you to create glob style patterns - and set a max number of indexes matching this pattern you want - to keep. Creating indexes exceeding this value will cause the - oldest one to get deleted. You could for example create a pattern - looking like ''logs.?'' and then create index logs.1, logs.2 - etc, it will delete logs.1 once you create logs.6. Do note ''logs.?'' - does not apply to logs.10. Note: Setting max_index_count to - 0 will do nothing and the pattern gets ignored. IP filter Allow - incoming connections from CIDR address block, e.g. ''10.20.0.0/16''' - items: - type: string - type: array - keep_index_refresh_interval: - description: Don't reset index.refresh_interval to the default - value Aiven automation resets index.refresh_interval to default - value for every index to be sure that indices are always visible - to search. If it doesn't fit your case, you can disable this - by setting up this flag to true. - type: boolean - max_index_count: - description: Maximum index count Maximum number of indexes to - keep before deleting the oldest one - format: int64 - minimum: 0 - type: integer - opensearch: - description: OpenSearch settings - properties: - action_auto_create_index_enabled: - description: action.auto_create_index Explicitly allow or - block automatic creation of indices. Defaults to true - type: boolean - action_destructive_requires_name: - description: Require explicit index names when deleting - type: boolean - cluster_max_shards_per_node: - description: cluster.max_shards_per_node Controls the number - of shards allowed in the cluster per data node - format: int64 - maximum: 10000 - minimum: 100 - type: integer - http_max_content_length: - description: http.max_content_length Maximum content length - for HTTP requests to the OpenSearch HTTP API, in bytes. - format: int64 - maximum: 2147483647 - minimum: 1 - type: integer - http_max_header_size: - description: http.max_header_size The max size of allowed - headers, in bytes - format: int64 - maximum: 262144 - minimum: 1024 - type: integer - http_max_initial_line_length: - description: http.max_initial_line_length The max length of - an HTTP URL, in bytes - format: int64 - maximum: 65536 - minimum: 1024 - type: integer - indices_fielddata_cache_size: - description: indices.fielddata.cache.size Relative amount. - Maximum amount of heap memory used for field data cache. - This is an expert setting; decreasing the value too much - will increase overhead of loading field data; too much memory - used for field data cache will decrease amount of heap available - for other operations. - format: int64 - maximum: 100 - minimum: 3 - type: integer - indices_memory_index_buffer_size: - description: indices.memory.index_buffer_size Percentage value. - Default is 10%. Total amount of heap used for indexing buffer, - before writing segments to disk. This is an expert setting. - Too low value will slow down indexing; too high value will - increase indexing performance but causes performance issues - for query performance. - format: int64 - maximum: 40 - minimum: 3 - type: integer - indices_queries_cache_size: - description: indices.queries.cache.size Percentage value. - Default is 10%. Maximum amount of heap used for query cache. - This is an expert setting. Too low value will decrease query - performance and increase performance for other operations; - too high value will cause issues with other OpenSearch functionality. - format: int64 - maximum: 40 - minimum: 3 - type: integer - indices_query_bool_max_clause_count: - description: indices.query.bool.max_clause_count Maximum number - of clauses Lucene BooleanQuery can have. The default value - (1024) is relatively high, and increasing it may cause performance - issues. Investigate other approaches first before increasing - this value. - format: int64 - maximum: 4096 - minimum: 64 - type: integer - reindex_remote_whitelist: - description: reindex_remote_whitelist Whitelisted addresses - for reindexing. Changing this value will cause all OpenSearch - instances to restart. Address (hostname:port or IP:port) - items: - type: string - type: array - search_max_buckets: - description: search.max_buckets Maximum number of aggregation - buckets allowed in a single response. OpenSearch default - value is used when this is not defined. - format: int64 - maximum: 20000 - minimum: 1 - type: integer - thread_pool_analyze_queue_size: - description: analyze thread pool queue size for the thread - pool queue. See documentation for exact details. - format: int64 - maximum: 2000 - minimum: 10 - type: integer - thread_pool_analyze_size: - description: analyze thread pool size for the thread pool. - See documentation for exact details. Do note this may have - maximum value depending on CPU count - value is automatically - lowered if set to higher than maximum value. - format: int64 - maximum: 128 - minimum: 1 - type: integer - thread_pool_force_merge_size: - description: force_merge thread pool size for the thread pool. - See documentation for exact details. Do note this may have - maximum value depending on CPU count - value is automatically - lowered if set to higher than maximum value. - format: int64 - maximum: 128 - minimum: 1 - type: integer - thread_pool_get_queue_size: - description: get thread pool queue size for the thread pool - queue. See documentation for exact details. - format: int64 - maximum: 2000 - minimum: 10 - type: integer - thread_pool_get_size: - description: get thread pool size for the thread pool. See - documentation for exact details. Do note this may have maximum - value depending on CPU count - value is automatically lowered - if set to higher than maximum value. - format: int64 - maximum: 128 - minimum: 1 - type: integer - thread_pool_index_size: - description: index thread pool size for the thread pool. See - documentation for exact details. Do note this may have maximum - value depending on CPU count - value is automatically lowered - if set to higher than maximum value. - format: int64 - maximum: 128 - minimum: 1 - type: integer - thread_pool_search_queue_size: - description: search thread pool queue size for the thread - pool queue. See documentation for exact details. - format: int64 - maximum: 2000 - minimum: 10 - type: integer - thread_pool_search_size: - description: search thread pool size for the thread pool. - See documentation for exact details. Do note this may have - maximum value depending on CPU count - value is automatically - lowered if set to higher than maximum value. - format: int64 - maximum: 128 - minimum: 1 - type: integer - thread_pool_search_throttled_queue_size: - description: search_throttled thread pool queue size for the - thread pool queue. See documentation for exact details. - format: int64 - maximum: 2000 - minimum: 10 - type: integer - thread_pool_search_throttled_size: - description: search_throttled thread pool size for the thread - pool. See documentation for exact details. Do note this - may have maximum value depending on CPU count - value is - automatically lowered if set to higher than maximum value. - format: int64 - maximum: 128 - minimum: 1 - type: integer - thread_pool_write_queue_size: - description: write thread pool queue size for the thread pool - queue. See documentation for exact details. - format: int64 - maximum: 2000 - minimum: 10 - type: integer - thread_pool_write_size: - description: write thread pool size for the thread pool. See - documentation for exact details. Do note this may have maximum - value depending on CPU count - value is automatically lowered - if set to higher than maximum value. - format: int64 - maximum: 128 - minimum: 1 - type: integer - type: object - opensearch_dashboards: - description: OpenSearch Dashboards settings - properties: - enabled: - description: Enable or disable OpenSearch Dashboards - type: boolean - max_old_space_size: - description: 'max_old_space_size Limits the maximum amount - of memory (in MiB) the OpenSearch Dashboards process can - use. This sets the max_old_space_size option of the nodejs - running the OpenSearch Dashboards. Note: the memory reserved - by OpenSearch Dashboards is not available for OpenSearch.' - format: int64 - maximum: 1024 - minimum: 64 - type: integer - opensearch_request_timeout: - description: Timeout in milliseconds for requests made by - OpenSearch Dashboards towards OpenSearch - format: int64 - maximum: 120000 - minimum: 5000 - type: integer - type: object - opensearch_version: - description: OpenSearch major version - type: string - private_access: - description: Allow access to selected service ports from private - networks - properties: - opensearch: - description: Allow clients to connect to opensearch with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - opensearch_dashboards: - description: Allow clients to connect to opensearch_dashboards - with a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - opensearch: - description: Enable opensearch - type: boolean - opensearch_dashboards: - description: Enable opensearch_dashboards - type: boolean - type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - opensearch: - description: Allow clients to connect to opensearch from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - opensearch_dashboards: - description: Allow clients to connect to opensearch_dashboards - from the public internet for service nodes that are in a - project VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - type: object - recovery_basebackup_name: - description: Name of the basebackup to restore in forked service - format: ^[a-zA-Z0-9-_:.]+$ - maxLength: 128 - type: string - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 63 - type: string - static_ips: - description: Static IP addresses Use static public IP addresses - type: boolean - type: object - required: - - authSecretRef - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + ip_filter: + description: "Glob pattern and number of indexes matching that\ + \ pattern to be kept Allows you to create glob style patterns\ + \ and set a max number of indexes matching this pattern you\ + \ want to keep. Creating indexes exceeding this value will\ + \ cause the oldest one to get deleted. You could for example\ + \ create a pattern looking like 'logs.?' and then create index\ + \ logs.1, logs.2 etc, it will delete logs.1 once you create\ + \ logs.6. Do note 'logs.?' does not apply to logs.10. Note:\ + \ Setting max_index_count to 0 will do nothing and the pattern\ + \ gets ignored. IP filter Allow incoming connections from\ + \ CIDR address block, e.g. '10.20.0.0/16'" + items: + type: string + type: array + keep_index_refresh_interval: + description: Don't reset index.refresh_interval to the default + value Aiven automation resets index.refresh_interval to default + value for every index to be sure that indices are always visible + to search. If it doesn't fit your case, you can disable this + by setting up this flag to true. + type: boolean + max_index_count: + description: Maximum index count Maximum number of indexes to + keep before deleting the oldest one format: int64 minimum: 0 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + opensearch: + description: OpenSearch settings + properties: + action_auto_create_index_enabled: + description: action.auto_create_index Explicitly allow or + block automatic creation of indices. Defaults to true + type: boolean + action_destructive_requires_name: + description: Require explicit index names when deleting + type: boolean + cluster_max_shards_per_node: + description: cluster.max_shards_per_node Controls the number + of shards allowed in the cluster per data node + format: int64 + maximum: 10000 + minimum: 100 + type: integer + http_max_content_length: + description: http.max_content_length Maximum content length + for HTTP requests to the OpenSearch HTTP API, in bytes. + format: int64 + maximum: 2147483647 + minimum: 1 + type: integer + http_max_header_size: + description: http.max_header_size The max size of allowed + headers, in bytes + format: int64 + maximum: 262144 + minimum: 1024 + type: integer + http_max_initial_line_length: + description: http.max_initial_line_length The max length + of an HTTP URL, in bytes + format: int64 + maximum: 65536 + minimum: 1024 + type: integer + indices_fielddata_cache_size: + description: indices.fielddata.cache.size Relative amount. + Maximum amount of heap memory used for field data cache. + This is an expert setting; decreasing the value too much + will increase overhead of loading field data; too much + memory used for field data cache will decrease amount + of heap available for other operations. + format: int64 + maximum: 100 + minimum: 3 + type: integer + indices_memory_index_buffer_size: + description: indices.memory.index_buffer_size Percentage + value. Default is 10%. Total amount of heap used for indexing + buffer, before writing segments to disk. This is an expert + setting. Too low value will slow down indexing; too high + value will increase indexing performance but causes performance + issues for query performance. + format: int64 + maximum: 40 + minimum: 3 + type: integer + indices_queries_cache_size: + description: indices.queries.cache.size Percentage value. + Default is 10%. Maximum amount of heap used for query + cache. This is an expert setting. Too low value will decrease + query performance and increase performance for other operations; + too high value will cause issues with other OpenSearch + functionality. + format: int64 + maximum: 40 + minimum: 3 + type: integer + indices_query_bool_max_clause_count: + description: indices.query.bool.max_clause_count Maximum + number of clauses Lucene BooleanQuery can have. The default + value (1024) is relatively high, and increasing it may + cause performance issues. Investigate other approaches + first before increasing this value. + format: int64 + maximum: 4096 + minimum: 64 + type: integer + reindex_remote_whitelist: + description: reindex_remote_whitelist Whitelisted addresses + for reindexing. Changing this value will cause all OpenSearch + instances to restart. Address (hostname:port or IP:port) + items: + type: string + type: array + search_max_buckets: + description: search.max_buckets Maximum number of aggregation + buckets allowed in a single response. OpenSearch default + value is used when this is not defined. + format: int64 + maximum: 20000 + minimum: 1 + type: integer + thread_pool_analyze_queue_size: + description: analyze thread pool queue size for the thread + pool queue. See documentation for exact details. + format: int64 + maximum: 2000 + minimum: 10 + type: integer + thread_pool_analyze_size: + description: analyze thread pool size for the thread pool. + See documentation for exact details. Do note this may + have maximum value depending on CPU count - value is automatically + lowered if set to higher than maximum value. + format: int64 + maximum: 128 + minimum: 1 + type: integer + thread_pool_force_merge_size: + description: force_merge thread pool size for the thread + pool. See documentation for exact details. Do note this + may have maximum value depending on CPU count - value + is automatically lowered if set to higher than maximum + value. + format: int64 + maximum: 128 + minimum: 1 + type: integer + thread_pool_get_queue_size: + description: get thread pool queue size for the thread pool + queue. See documentation for exact details. + format: int64 + maximum: 2000 + minimum: 10 + type: integer + thread_pool_get_size: + description: get thread pool size for the thread pool. See + documentation for exact details. Do note this may have + maximum value depending on CPU count - value is automatically + lowered if set to higher than maximum value. + format: int64 + maximum: 128 + minimum: 1 + type: integer + thread_pool_index_size: + description: index thread pool size for the thread pool. + See documentation for exact details. Do note this may + have maximum value depending on CPU count - value is automatically + lowered if set to higher than maximum value. + format: int64 + maximum: 128 + minimum: 1 + type: integer + thread_pool_search_queue_size: + description: search thread pool queue size for the thread + pool queue. See documentation for exact details. + format: int64 + maximum: 2000 + minimum: 10 + type: integer + thread_pool_search_size: + description: search thread pool size for the thread pool. + See documentation for exact details. Do note this may + have maximum value depending on CPU count - value is automatically + lowered if set to higher than maximum value. + format: int64 + maximum: 128 + minimum: 1 + type: integer + thread_pool_search_throttled_queue_size: + description: search_throttled thread pool queue size for + the thread pool queue. See documentation for exact details. + format: int64 + maximum: 2000 + minimum: 10 + type: integer + thread_pool_search_throttled_size: + description: search_throttled thread pool size for the thread + pool. See documentation for exact details. Do note this + may have maximum value depending on CPU count - value + is automatically lowered if set to higher than maximum + value. + format: int64 + maximum: 128 + minimum: 1 + type: integer + thread_pool_write_queue_size: + description: write thread pool queue size for the thread + pool queue. See documentation for exact details. + format: int64 + maximum: 2000 + minimum: 10 + type: integer + thread_pool_write_size: + description: write thread pool size for the thread pool. + See documentation for exact details. Do note this may + have maximum value depending on CPU count - value is automatically + lowered if set to higher than maximum value. + format: int64 + maximum: 128 + minimum: 1 + type: integer + type: object + opensearch_dashboards: + description: OpenSearch Dashboards settings + properties: + enabled: + description: Enable or disable OpenSearch Dashboards + type: boolean + max_old_space_size: + description: 'max_old_space_size Limits the maximum amount + of memory (in MiB) the OpenSearch Dashboards process can + use. This sets the max_old_space_size option of the nodejs + running the OpenSearch Dashboards. Note: the memory reserved + by OpenSearch Dashboards is not available for OpenSearch.' + format: int64 + maximum: 1024 + minimum: 64 + type: integer + opensearch_request_timeout: + description: Timeout in milliseconds for requests made by + OpenSearch Dashboards towards OpenSearch + format: int64 + maximum: 120000 + minimum: 5000 + type: integer + type: object + opensearch_version: + description: OpenSearch major version type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + private_access: + description: Allow access to selected service ports from private + networks + properties: + opensearch: + description: Allow clients to connect to opensearch with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + opensearch_dashboards: + description: Allow clients to connect to opensearch_dashboards + with a DNS name that always resolves to the service's + private IP addresses. Only available in certain network + locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + opensearch: + description: Enable opensearch + type: boolean + opensearch_dashboards: + description: Enable opensearch_dashboards + type: boolean + type: object + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + opensearch: + description: Allow clients to connect to opensearch from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + opensearch_dashboards: + description: Allow clients to connect to opensearch_dashboards + from the public internet for service nodes that are in + a project VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + recovery_basebackup_name: + description: Name of the basebackup to restore in forked service + format: ^[a-zA-Z0-9-_:.]+$ + maxLength: 128 + type: string + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 63 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + static_ips: + description: Static IP addresses Use static public IP addresses + type: boolean type: object - type: array - state: - description: Service state - type: string - required: - - conditions - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: [authSecretRef, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: Service state + type: string + required: [conditions, state] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: kafkaacls.aiven.io + spec: group: aiven.io names: @@ -607,187 +608,178 @@ spec: singular: kafkaacl scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.username - name: Username - type: string - - jsonPath: .spec.permission - name: Permission - type: string - - jsonPath: .spec.topic - name: Topic - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaACL is the Schema for the kafkaacls API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaACLSpec defines the desired state of KafkaACL - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - permission: - description: Kafka permission to grant (admin, read, readwrite, write) - enum: - - admin - - read - - readwrite - - write - type: string - project: - description: Project to link the Kafka ACL to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - serviceName: - description: Service to link the Kafka ACL to - maxLength: 63 - type: string - topic: - description: Topic name pattern for the ACL entry - type: string - username: - description: Username pattern for the ACL entry - type: string - required: - - authSecretRef - - permission - - project - - serviceName - - topic - - username - type: object - status: - description: KafkaACLStatus defines the observed state of KafkaACL - properties: - conditions: - description: Conditions represent the latest available observations - of an KafkaACL state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.username + name: Username + type: string + - jsonPath: .spec.permission + name: Permission + type: string + - jsonPath: .spec.topic + name: Topic + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaACL is the Schema for the kafkaacls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaACLSpec defines the desired state of KafkaACL + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + name: + minLength: 1 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [key, name] type: object - type: array - id: - description: Kafka ACL ID - type: string - required: - - conditions - - id - type: object - type: object - served: true - storage: true - subresources: - status: {} + permission: + description: Kafka permission to grant (admin, read, readwrite, + write) + enum: [admin, read, readwrite, write] + type: string + project: + description: Project to link the Kafka ACL to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + serviceName: + description: Service to link the Kafka ACL to + maxLength: 63 + type: string + topic: + description: Topic name pattern for the ACL entry + type: string + username: + description: Username pattern for the ACL entry + type: string + required: + - authSecretRef + - permission + - project + - serviceName + - topic + - username + type: object + status: + description: KafkaACLStatus defines the observed state of KafkaACL + properties: + conditions: + description: Conditions represent the latest available observations + of an KafkaACL state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + id: + description: Kafka ACL ID + type: string + required: [conditions, id] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: kafkaconnectors.aiven.io + spec: group: aiven.io names: @@ -797,232 +789,217 @@ spec: singular: kafkaconnector scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.connectorClass - name: Connector Class - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.tasksStatus.total - name: Tasks Total - type: integer - - jsonPath: .status.tasksStatus.running - name: Tasks Running - type: integer - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaConnector is the Schema for the kafkaconnectors API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaConnectorSpec defines the desired state of KafkaConnector - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - connectorClass: - description: The Java class of the connector. - maxLength: 1024 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - serviceName: - description: Service name. - maxLength: 63 - type: string - userConfig: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.connectorClass + name: Connector Class + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.tasksStatus.total + name: Tasks Total + type: integer + - jsonPath: .status.tasksStatus.running + name: Tasks Running + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaConnector is the Schema for the kafkaconnectors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaConnectorSpec defines the desired state of KafkaConnector + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + required: [key, name] + type: object + connectorClass: + description: The Java class of the connector. + maxLength: 1024 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + serviceName: + description: Service name. + maxLength: 63 type: string - description: The connector specific configuration To build config - values from secret the template function `{{ fromSecret "name" "key" - }}` is provided when interpreting the keys - type: object - required: - - authSecretRef - - connectorClass - - project - - serviceName - - userConfig - type: object - status: - description: KafkaConnectorStatus defines the observed state of KafkaConnector - properties: - conditions: - description: Conditions represent the latest available observations - of an kafka connector state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + userConfig: + additionalProperties: + type: string + description: The connector specific configuration To build config + values from secret the template function `{{ fromSecret "name" + "key" }}` is provided when interpreting the keys + type: object + required: + - authSecretRef + - connectorClass + - project + - serviceName + - userConfig + type: object + status: + description: KafkaConnectorStatus defines the observed state of KafkaConnector + properties: + conditions: + description: Conditions represent the latest available observations + of an kafka connector state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + pluginStatus: + description: PluginStatus contains metadata about the configured + connector plugin properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + author: type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + class: type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + docUrl: type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + title: type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + version: + type: string + required: [author, class, docUrl, title, type, version] type: object - type: array - pluginStatus: - description: PluginStatus contains metadata about the configured connector - plugin - properties: - author: - type: string - class: - type: string - docUrl: - type: string - title: - type: string - type: - type: string - version: - type: string - required: - - author - - class - - docUrl - - title - - type - - version - type: object - state: - description: Connector state - type: string - tasksStatus: - description: TasksStatus contains metadata about the running tasks - properties: - failed: - type: integer - paused: - type: integer - running: - type: integer - stackTrace: - type: string - total: - type: integer - unassigned: - type: integer - unknown: - type: integer - required: - - total - type: object - required: - - conditions - - pluginStatus - - state - - tasksStatus - type: object - type: object - served: true - storage: true - subresources: - status: {} + state: + description: Connector state + type: string + tasksStatus: + description: TasksStatus contains metadata about the running tasks + properties: + failed: + type: integer + paused: + type: integer + running: + type: integer + stackTrace: + type: string + total: + type: integer + unassigned: + type: integer + unknown: + type: integer + required: [total] + type: object + required: [conditions, pluginStatus, state, tasksStatus] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: kafkaconnects.aiven.io + spec: group: aiven.io names: @@ -1032,284 +1009,277 @@ spec: singular: kafkaconnect scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaConnect is the Schema for the kafkaconnects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaConnectSpec defines the desired state of KafkaConnect - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - - never - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - tags: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaConnect is the Schema for the kafkaconnects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaConnectSpec defines the desired state of KafkaConnect + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + required: [key, name] + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: PostgreSQL specific user configuration options - properties: - connector_client_config_override_policy: - description: Defines what client configurations can be overridden - by the connector. Default is None - type: string - consumer_auto_offset_reset: - description: What to do when there is no initial offset in Kafka - or if the current offset does not exist any more on the server. - Default is earliest - type: string - consumer_fetch_max_bytes: - description: Records are fetched in batches by the consumer, and - if the first record batch in the first non-empty partition of - the fetch is larger than this value, the record batch will still - be returned to ensure that the consumer can make progress. As - such, this is not a absolute maximum. - format: int64 - type: integer - consumer_isolation_level: - description: Transaction read isolation level. read_uncommitted - is the default, but read_committed can be used if consume-exactly-once - behavior is desired. + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + - never + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + tags: + additionalProperties: type: string - consumer_max_partition_fetch_bytes: - description: Records are fetched in batches by the consumer.If - the first record batch in the first non-empty partition of the - fetch is larger than this limit, the batch will still be returned - to ensure that the consumer can make progress. - format: int64 - type: integer - consumer_max_poll_interval_ms: - description: The maximum delay in milliseconds between invocations - of poll() when using consumer group management (defaults to - 300000). - format: int64 - type: integer - consumer_max_poll_records: - description: The maximum number of records returned in a single - call to poll() (defaults to 500). - format: int64 - type: integer - offset_flush_interval_ms: - description: The interval at which to try committing offsets for - tasks (defaults to 60000). - format: int64 - type: integer - private_access: - description: Allow access to selected service ports from private - networks - properties: - kafka_connect: - description: Allow clients to connect to kafka_connect with - a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - producer_max_request_size: - description: This setting will limit the number of record batches - the producer will send in a single request to avoid sending - huge requests. - format: int64 - type: integer - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - kafka_connect: - description: Allow clients to connect to kafka_connect from - the public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - type: object - session_timeout_ms: - description: The timeout in milliseconds used to detect failures - when using Kafka’s group management facilities (defaults to - 10000). - format: int64 - type: integer - type: object - required: - - authSecretRef - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: PostgreSQL specific user configuration options properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + connector_client_config_override_policy: + description: Defines what client configurations can be overridden + by the connector. Default is None type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + consumer_auto_offset_reset: + description: What to do when there is no initial offset in Kafka + or if the current offset does not exist any more on the server. + Default is earliest type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + consumer_fetch_max_bytes: + description: Records are fetched in batches by the consumer, + and if the first record batch in the first non-empty partition + of the fetch is larger than this value, the record batch will + still be returned to ensure that the consumer can make progress. + As such, this is not a absolute maximum. format: int64 - minimum: 0 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + consumer_isolation_level: + description: Transaction read isolation level. read_uncommitted + is the default, but read_committed can be used if consume-exactly-once + behavior is desired. type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + consumer_max_partition_fetch_bytes: + description: Records are fetched in batches by the consumer.If + the first record batch in the first non-empty partition of + the fetch is larger than this limit, the batch will still + be returned to ensure that the consumer can make progress. + format: int64 + type: integer + consumer_max_poll_interval_ms: + description: The maximum delay in milliseconds between invocations + of poll() when using consumer group management (defaults to + 300000). + format: int64 + type: integer + consumer_max_poll_records: + description: The maximum number of records returned in a single + call to poll() (defaults to 500). + format: int64 + type: integer + offset_flush_interval_ms: + description: The interval at which to try committing offsets + for tasks (defaults to 60000). + format: int64 + type: integer + private_access: + description: Allow access to selected service ports from private + networks + properties: + kafka_connect: + description: Allow clients to connect to kafka_connect with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + producer_max_request_size: + description: This setting will limit the number of record batches + the producer will send in a single request to avoid sending + huge requests. + format: int64 + type: integer + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + kafka_connect: + description: Allow clients to connect to kafka_connect from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + session_timeout_ms: + description: The timeout in milliseconds used to detect failures + when using Kafka’s group management facilities (defaults to + 10000). + format: int64 + type: integer type: object - type: array - state: - description: Service state - type: string - required: - - conditions - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: [authSecretRef, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: Service state + type: string + required: [conditions, state] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: kafkas.aiven.io + spec: group: aiven.io names: @@ -1319,753 +1289,729 @@ spec: singular: kafka scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Region - type: string - - jsonPath: .spec.plan - name: Plan - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Kafka is the Schema for the kafkas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of Kafka - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: Information regarding secret creation - properties: - name: - description: Name of the Secret resource to be created - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - karapace: - description: Switch the service to use Karapace for schema registry - and REST proxy - type: boolean - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - - never - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - tags: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of Kafka + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + required: [key, name] + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: Kafka specific user configuration options - properties: - ip_filter: - description: IP filter Allow incoming connections from CIDR address - block, e.g. '10.20.0.0/16' - items: + connInfoSecretTarget: + description: Information regarding secret creation + properties: + name: + description: Name of the Secret resource to be created type: string - type: array - kafka: - description: Kafka broker configuration values - properties: - auto_create_topics_enable: - description: auto.create.topics.enable Enable auto creation - of topics - type: boolean - compression_type: - description: compression.type Specify the final compression - type for a given topic. This configuration accepts the standard - compression codecs ('gzip', 'snappy', 'lz4', 'zstd'). It - additionally accepts 'uncompressed' which is equivalent - to no compression; and 'producer' which means retain the - original compression codec set by the producer. - enum: - - gzip - - snappy - - lz4 - - zstd - - uncompressed - - producer - type: string - connections_max_idle_ms: - description: 'connections.max.idle.ms Idle connections timeout: - the server socket processor threads close the connections - that idle for longer than this.' - format: int64 - maximum: 3600000 - minimum: 1000 - type: integer - default_replication_factor: - description: default.replication.factor Replication factor - for autocreated topics - format: int64 - maximum: 10 - minimum: 1 - type: integer - group_max_session_timeout_ms: - description: group.max.session.timeout.ms The maximum allowed - session timeout for registered consumers. Longer timeouts - give consumers more time to process messages in between - heartbeats at the cost of a longer time to detect failures. - format: int64 - maximum: 1800000 - minimum: 0 - type: integer - group_min_session_timeout_ms: - description: group.min.session.timeout.ms The minimum allowed - session timeout for registered consumers. Longer timeouts - give consumers more time to process messages in between - heartbeats at the cost of a longer time to detect failures. - format: int64 - maximum: 60000 - minimum: 0 - type: integer - log_cleaner_delete_retention_ms: - description: log.cleaner.delete.retention.ms How long are - delete records retained? - format: int64 - maximum: 315569260000 - minimum: 0 - type: integer - log_cleaner_max_compaction_lag_ms: - description: log.cleaner.max.compaction.lag.ms The maximum - amount of time message will remain uncompacted. Only applicable - for logs that are being compacted - format: int64 - minimum: 30000 - type: integer - log_cleaner_min_cleanable_ratio: - description: log.cleaner.min.cleanable.ratio Controls log - compactor frequency. Larger value means more frequent compactions - but also more space wasted for logs. Consider setting log.cleaner.max.compaction.lag.ms - to enforce compactions sooner, instead of setting a very - high value for this option. - format: int64 - maximum: 1 - minimum: 0 - type: integer - log_cleaner_min_compaction_lag_ms: - description: log.cleaner.min.compaction.lag.ms The minimum - time a message will remain uncompacted in the log. Only - applicable for logs that are being compacted. - format: int64 - minimum: 0 - type: integer - log_cleanup_policy: - description: log.cleanup.policy The default cleanup policy - for segments beyond the retention window - enum: - - compact - - delete - type: string - log_flush_interval_messages: - description: log.flush.interval.messages The number of messages - accumulated on a log partition before messages are flushed - to disk - format: int64 - minimum: 1 - type: integer - log_flush_interval_ms: - description: log.flush.interval.ms The maximum time in ms - that a message in any topic is kept in memory before flushed - to disk. If not set, the value in log.flush.scheduler.interval.ms - is used - format: int64 - minimum: 0 - type: integer - log_index_interval_bytes: - description: log.index.interval.bytes The interval with which - Kafka adds an entry to the offset index - format: int64 - maximum: 104857600 - minimum: 0 - type: integer - log_index_size_max_bytes: - description: log.index.size.max.bytes The maximum size in - bytes of the offset index - format: int64 - maximum: 104857600 - minimum: 1048576 - type: integer - log_message_downconversion_enable: - description: log.message.downconversion.enable This configuration - controls whether down-conversion of message formats is enabled - to satisfy consume requests. - type: boolean - log_message_timestamp_difference_max_ms: - description: log.message.timestamp.difference.max.ms The maximum - difference allowed between the timestamp when a broker receives - a message and the timestamp specified in the message - format: int64 - minimum: 0 - type: integer - log_message_timestamp_type: - description: log.message.timestamp.type Define whether the - timestamp in the message is message create time or log append - time. - enum: - - CreateTime - - LogAppendTime + required: [name] + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + karapace: + description: Switch the service to use Karapace for schema registry + and REST proxy + type: boolean + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + - never + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: Kafka specific user configuration options + properties: + ip_filter: + description: IP filter Allow incoming connections from CIDR + address block, e.g. '10.20.0.0/16' + items: type: string - log_preallocate: - description: log.preallocate Should pre allocate file when - create new segment? - type: boolean - log_retention_bytes: - description: log.retention.bytes The maximum size of the log - before deleting messages - format: int64 - type: integer - log_retention_hours: - description: log.retention.hours The number of hours to keep - a log file before deleting it - format: int64 - maximum: 2147483647 - type: integer - log_retention_ms: - description: log.retention.ms The number of milliseconds to - keep a log file before deleting it (in milliseconds), If - not set, the value in log.retention.minutes is used. If - set to -1, no time limit is applied. - format: int64 - type: integer - log_roll_jitter_ms: - description: log.roll.jitter.ms The maximum jitter to subtract - from logRollTimeMillis (in milliseconds). If not set, the - value in log.roll.jitter.hours is used - format: int64 - minimum: 0 - type: integer - log_roll_ms: - description: log.roll.ms The maximum time before a new log - segment is rolled out (in milliseconds). - format: int64 - minimum: 1 - type: integer - log_segment_bytes: - description: log.segment.bytes The maximum size of a single - log file - format: int64 - maximum: 1073741824 - minimum: 10485760 - type: integer - log_segment_delete_delay_ms: - description: log.segment.delete.delay.ms The amount of time - to wait before deleting a file from the filesystem - format: int64 - maximum: 3600000 - minimum: 0 - type: integer - max_connections_per_ip: - description: max.connections.per.ip The maximum number of - connections allowed from each ip address (defaults to 2147483647). - format: int64 - maximum: 2147483647 - minimum: 256 - type: integer - max_incremental_fetch_session_cache_slots: - description: max.incremental.fetch.session.cache.slots The - maximum number of incremental fetch sessions that the broker - will maintain. - format: int64 - maximum: 10000 - minimum: 1000 - type: integer - message_max_bytes: - description: message.max.bytes The maximum size of message - that the server can receive. - format: int64 - maximum: 100001200 - minimum: 0 - type: integer - min_insync_replicas: - description: min.insync.replicas When a producer sets acks - to 'all' (or '-1'), min.insync.replicas specifies the minimum - number of replicas that must acknowledge a write for the - write to be considered successful. - format: int64 - maximum: 7 - minimum: 1 - type: integer - num_partitions: - description: num.partitions Number of partitions for autocreated - topics - format: int64 - maximum: 1000 - minimum: 1 - type: integer - offsets_retention_minutes: - description: offsets.retention.minutes Log retention window - in minutes for offsets topic - format: int64 - maximum: 2147483647 - minimum: 1 - type: integer - producer_purgatory_purge_interval_requests: - description: producer.purgatory.purge.interval.requests The - purge interval (in number of requests) of the producer request - purgatory(defaults to 1000). - format: int64 - maximum: 10000 - minimum: 10 - type: integer - replica_fetch_max_bytes: - description: replica.fetch.max.bytes The number of bytes of - messages to attempt to fetch for each partition (defaults - to 1048576). This is not an absolute maximum, if the first - record batch in the first non-empty partition of the fetch - is larger than this value, the record batch will still be - returned to ensure that progress can be made. - format: int64 - maximum: 104857600 - minimum: 1048576 - type: integer - replica_fetch_response_max_bytes: - description: replica.fetch.response.max.bytes Maximum bytes - expected for the entire fetch response (defaults to 10485760). - Records are fetched in batches, and if the first record - batch in the first non-empty partition of the fetch is larger - than this value, the record batch will still be returned - to ensure that progress can be made. As such, this is not - an absolute maximum. - format: int64 - maximum: 1048576000 - minimum: 10485760 - type: integer - socket_request_max_bytes: - description: socket.request.max.bytes The maximum number of - bytes in a socket request (defaults to 104857600). - format: int64 - maximum: 209715200 - minimum: 10485760 - type: integer - type: object - kafka_authentication_methods: - description: Kafka authentication methods - properties: - certificate: - description: Enable certificate/SSL authentication - type: boolean - sasl: - description: Enable SASL authentication - type: boolean - type: object - kafka_connect: - description: Enable Kafka Connect service - type: boolean - kafka_connect_user_config: - description: Kafka Connect configuration values + type: array + kafka: + description: Kafka broker configuration values + properties: + auto_create_topics_enable: + description: auto.create.topics.enable Enable auto creation + of topics + type: boolean + compression_type: + description: compression.type Specify the final compression + type for a given topic. This configuration accepts the + standard compression codecs ('gzip', 'snappy', 'lz4', + 'zstd'). It additionally accepts 'uncompressed' which + is equivalent to no compression; and 'producer' which + means retain the original compression codec set by the + producer. + enum: [gzip, snappy, lz4, zstd, uncompressed, producer] + type: string + connections_max_idle_ms: + description: 'connections.max.idle.ms Idle connections timeout: + the server socket processor threads close the connections + that idle for longer than this.' + format: int64 + maximum: 3600000 + minimum: 1000 + type: integer + default_replication_factor: + description: default.replication.factor Replication factor + for autocreated topics + format: int64 + maximum: 10 + minimum: 1 + type: integer + group_max_session_timeout_ms: + description: group.max.session.timeout.ms The maximum allowed + session timeout for registered consumers. Longer timeouts + give consumers more time to process messages in between + heartbeats at the cost of a longer time to detect failures. + format: int64 + maximum: 1800000 + minimum: 0 + type: integer + group_min_session_timeout_ms: + description: group.min.session.timeout.ms The minimum allowed + session timeout for registered consumers. Longer timeouts + give consumers more time to process messages in between + heartbeats at the cost of a longer time to detect failures. + format: int64 + maximum: 60000 + minimum: 0 + type: integer + log_cleaner_delete_retention_ms: + description: log.cleaner.delete.retention.ms How long are + delete records retained? + format: int64 + maximum: 315569260000 + minimum: 0 + type: integer + log_cleaner_max_compaction_lag_ms: + description: log.cleaner.max.compaction.lag.ms The maximum + amount of time message will remain uncompacted. Only applicable + for logs that are being compacted + format: int64 + minimum: 30000 + type: integer + log_cleaner_min_cleanable_ratio: + description: log.cleaner.min.cleanable.ratio Controls log + compactor frequency. Larger value means more frequent + compactions but also more space wasted for logs. Consider + setting log.cleaner.max.compaction.lag.ms to enforce compactions + sooner, instead of setting a very high value for this + option. + format: int64 + maximum: 1 + minimum: 0 + type: integer + log_cleaner_min_compaction_lag_ms: + description: log.cleaner.min.compaction.lag.ms The minimum + time a message will remain uncompacted in the log. Only + applicable for logs that are being compacted. + format: int64 + minimum: 0 + type: integer + log_cleanup_policy: + description: log.cleanup.policy The default cleanup policy + for segments beyond the retention window + enum: [compact, delete] + type: string + log_flush_interval_messages: + description: log.flush.interval.messages The number of messages + accumulated on a log partition before messages are flushed + to disk + format: int64 + minimum: 1 + type: integer + log_flush_interval_ms: + description: log.flush.interval.ms The maximum time in ms + that a message in any topic is kept in memory before flushed + to disk. If not set, the value in log.flush.scheduler.interval.ms + is used + format: int64 + minimum: 0 + type: integer + log_index_interval_bytes: + description: log.index.interval.bytes The interval with + which Kafka adds an entry to the offset index + format: int64 + maximum: 104857600 + minimum: 0 + type: integer + log_index_size_max_bytes: + description: log.index.size.max.bytes The maximum size in + bytes of the offset index + format: int64 + maximum: 104857600 + minimum: 1048576 + type: integer + log_message_downconversion_enable: + description: log.message.downconversion.enable This configuration + controls whether down-conversion of message formats is + enabled to satisfy consume requests. + type: boolean + log_message_timestamp_difference_max_ms: + description: log.message.timestamp.difference.max.ms The + maximum difference allowed between the timestamp when + a broker receives a message and the timestamp specified + in the message + format: int64 + minimum: 0 + type: integer + log_message_timestamp_type: + description: log.message.timestamp.type Define whether the + timestamp in the message is message create time or log + append time. + enum: [CreateTime, LogAppendTime] + type: string + log_preallocate: + description: log.preallocate Should pre allocate file when + create new segment? + type: boolean + log_retention_bytes: + description: log.retention.bytes The maximum size of the + log before deleting messages + format: int64 + type: integer + log_retention_hours: + description: log.retention.hours The number of hours to + keep a log file before deleting it + format: int64 + maximum: 2147483647 + type: integer + log_retention_ms: + description: log.retention.ms The number of milliseconds + to keep a log file before deleting it (in milliseconds), + If not set, the value in log.retention.minutes is used. + If set to -1, no time limit is applied. + format: int64 + type: integer + log_roll_jitter_ms: + description: log.roll.jitter.ms The maximum jitter to subtract + from logRollTimeMillis (in milliseconds). If not set, + the value in log.roll.jitter.hours is used + format: int64 + minimum: 0 + type: integer + log_roll_ms: + description: log.roll.ms The maximum time before a new log + segment is rolled out (in milliseconds). + format: int64 + minimum: 1 + type: integer + log_segment_bytes: + description: log.segment.bytes The maximum size of a single + log file + format: int64 + maximum: 1073741824 + minimum: 10485760 + type: integer + log_segment_delete_delay_ms: + description: log.segment.delete.delay.ms The amount of time + to wait before deleting a file from the filesystem + format: int64 + maximum: 3600000 + minimum: 0 + type: integer + max_connections_per_ip: + description: max.connections.per.ip The maximum number of + connections allowed from each ip address (defaults to + 2147483647). + format: int64 + maximum: 2147483647 + minimum: 256 + type: integer + max_incremental_fetch_session_cache_slots: + description: max.incremental.fetch.session.cache.slots The + maximum number of incremental fetch sessions that the + broker will maintain. + format: int64 + maximum: 10000 + minimum: 1000 + type: integer + message_max_bytes: + description: message.max.bytes The maximum size of message + that the server can receive. + format: int64 + maximum: 100001200 + minimum: 0 + type: integer + min_insync_replicas: + description: min.insync.replicas When a producer sets acks + to 'all' (or '-1'), min.insync.replicas specifies the + minimum number of replicas that must acknowledge a write + for the write to be considered successful. + format: int64 + maximum: 7 + minimum: 1 + type: integer + num_partitions: + description: num.partitions Number of partitions for autocreated + topics + format: int64 + maximum: 1000 + minimum: 1 + type: integer + offsets_retention_minutes: + description: offsets.retention.minutes Log retention window + in minutes for offsets topic + format: int64 + maximum: 2147483647 + minimum: 1 + type: integer + producer_purgatory_purge_interval_requests: + description: producer.purgatory.purge.interval.requests + The purge interval (in number of requests) of the producer + request purgatory(defaults to 1000). + format: int64 + maximum: 10000 + minimum: 10 + type: integer + replica_fetch_max_bytes: + description: replica.fetch.max.bytes The number of bytes + of messages to attempt to fetch for each partition (defaults + to 1048576). This is not an absolute maximum, if the first + record batch in the first non-empty partition of the fetch + is larger than this value, the record batch will still + be returned to ensure that progress can be made. + format: int64 + maximum: 104857600 + minimum: 1048576 + type: integer + replica_fetch_response_max_bytes: + description: replica.fetch.response.max.bytes Maximum bytes + expected for the entire fetch response (defaults to 10485760). + Records are fetched in batches, and if the first record + batch in the first non-empty partition of the fetch is + larger than this value, the record batch will still be + returned to ensure that progress can be made. As such, + this is not an absolute maximum. + format: int64 + maximum: 1048576000 + minimum: 10485760 + type: integer + socket_request_max_bytes: + description: socket.request.max.bytes The maximum number + of bytes in a socket request (defaults to 104857600). + format: int64 + maximum: 209715200 + minimum: 10485760 + type: integer + type: object + kafka_authentication_methods: + description: Kafka authentication methods + properties: + certificate: + description: Enable certificate/SSL authentication + type: boolean + sasl: + description: Enable SASL authentication + type: boolean + type: object + kafka_connect: + description: Enable Kafka Connect service + type: boolean + kafka_connect_user_config: + description: Kafka Connect configuration values + properties: + connector_client_config_override_policy: + description: Client config override policy Defines what + client configurations can be overridden by the connector. + Default is None + enum: [None, All] + type: string + consumer_auto_offset_reset: + description: Consumer auto offset reset What to do when + there is no initial offset in Kafka or if the current + offset does not exist any more on the server. Default + is earliest + enum: [earliest, latest] + type: string + consumer_fetch_max_bytes: + description: The maximum amount of data the server should + return for a fetch request Records are fetched in batches + by the consumer, and if the first record batch in the + first non-empty partition of the fetch is larger than + this value, the record batch will still be returned to + ensure that the consumer can make progress. As such, this + is not a absolute maximum. + format: int64 + maximum: 104857600 + minimum: 1048576 + type: integer + consumer_isolation_level: + description: Consumer isolation level Transaction read isolation + level. read_uncommitted is the default, but read_committed + can be used if consume-exactly-once behavior is desired. + enum: [read_uncommitted, read_committed] + type: string + consumer_max_partition_fetch_bytes: + description: The maximum amount of data per-partition the + server will return. Records are fetched in batches by + the consumer.If the first record batch in the first non-empty + partition of the fetch is larger than this limit, the + batch will still be returned to ensure that the consumer + can make progress. + format: int64 + maximum: 104857600 + minimum: 1048576 + type: integer + consumer_max_poll_interval_ms: + description: The maximum delay between polls when using + consumer group management The maximum delay in milliseconds + between invocations of poll() when using consumer group + management (defaults to 300000). + format: int64 + maximum: 2147483647 + minimum: 1 + type: integer + consumer_max_poll_records: + description: The maximum number of records returned by a + single poll The maximum number of records returned in + a single call to poll() (defaults to 500). + format: int64 + maximum: 10000 + minimum: 1 + type: integer + offset_flush_interval_ms: + description: The interval at which to try committing offsets + for tasks The interval at which to try committing offsets + for tasks (defaults to 60000). + format: int64 + maximum: 100000000 + minimum: 1 + type: integer + offset_flush_timeout_ms: + description: Offset flush timeout Maximum number of milliseconds + to wait for records to flush and partition offset data + to be committed to offset storage before cancelling the + process and restoring the offset data to be committed + in a future attempt (defaults to 5000). + format: int64 + maximum: 2147483647 + minimum: 1 + type: integer + producer_max_request_size: + description: The maximum size of a request in bytes This + setting will limit the number of record batches the producer + will send in a single request to avoid sending huge requests. + format: int64 + maximum: 10485760 + minimum: 131072 + type: integer + session_timeout_ms: + description: The timeout used to detect failures when using + Kafka’s group management facilities The timeout in milliseconds + used to detect failures when using Kafka’s group management + facilities (defaults to 10000). + format: int64 + maximum: 2147483647 + minimum: 1 + type: integer + type: object + kafka_rest: + description: Enable Kafka-REST service + type: boolean + kafka_rest_config: + description: Kafka REST configuration + properties: + consumer_enable_auto_commit: + description: consumer.enable.auto.commit If true the consumer's + offset will be periodically committed to Kafka in the + background + type: boolean + consumer_request_max_bytes: + description: consumer.request.max.bytes Maximum number of + bytes in unencoded message keys and values by a single + request + format: int64 + maximum: 671088640 + minimum: 0 + type: integer + consumer_request_timeout_ms: + description: consumer.request.timeout.ms The maximum total + time to wait for messages for a request if the maximum + number of messages has not yet been reached + enum: [1000, 15000, 30000] + format: int64 + maximum: 30000 + minimum: 1000 + type: integer + custom_domain: + description: Custom domain Serve the web frontend using + a custom CNAME pointing to the Aiven DNS name + maxLength: 255 + type: string + producer_acks: + description: producer.acks The number of acknowledgments + the producer requires the leader to have received before + considering a request complete. If set to 'all' or '-1', + the leader will wait for the full set of in-sync replicas + to acknowledge the record. + enum: [all, -1, 0, 1] + type: string + producer_linger_ms: + description: producer.linger.ms Wait for up to the given + delay to allow batching records together + format: int64 + maximum: 5000 + minimum: 0 + type: integer + public_access: + description: Allow access to selected service ports from + the public Internet + properties: + kafka: + description: Allow clients to connect to kafka from + the public internet for service nodes that are in + a project VPC or another type of private network + type: boolean + kafka_connect: + description: Allow clients to connect to kafka_connect + from the public internet for service nodes that are + in a project VPC or another type of private network + type: boolean + kafka_rest: + description: Allow clients to connect to kafka_rest + from the public internet for service nodes that are + in a project VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus + from the public internet for service nodes that are + in a project VPC or another type of private network + type: boolean + schema_registry: + description: Allow clients to connect to schema_registry + from the public internet for service nodes that are + in a project VPC or another type of private network + type: boolean + type: object + simpleconsumer_pool_size_max: + description: simpleconsumer.pool.size.max Maximum number + of SimpleConsumers that can be instantiated per broker + format: int64 + maximum: 250 + minimum: 10 + type: integer + type: object + kafka_version: + description: Kafka major version + type: string + private_access: + description: Allow access to selected service ports from private + networks + properties: + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + schema_registry: + description: Enable Schema-Registry service + type: boolean + schema_registry_config: + description: Schema Registry configuration + properties: + leader_eligibility: + description: leader_eligibility If true, Karapace / Schema + Registry on the service nodes can participate in leader + election. It might be needed to disable this when the + schemas topic is replicated to a secondary cluster and + Karapace / Schema Registry there must not participate + in leader election. Defaults to 'true'. + type: boolean + topic_name: + description: topic_name The durable single partition topic + that acts as the durable log for the data. This topic + must be compacted to avoid losing data due to retention + policy. Please note that changing this configuration in + an existing Schema Registry / Karapace setup leads to + previous schemas being inaccessible, data encoded with + them potentially unreadable and schema ID sequence put + out of order. It's only possible to do the switch while + Schema Registry / Karapace is disabled. Defaults to '_schemas'. + maxLength: 249 + type: string + type: object + type: object + required: [authSecretRef, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" properties: - connector_client_config_override_policy: - description: Client config override policy Defines what client - configurations can be overridden by the connector. Default - is None - enum: - - None - - All - type: string - consumer_auto_offset_reset: - description: Consumer auto offset reset What to do when there - is no initial offset in Kafka or if the current offset does - not exist any more on the server. Default is earliest - enum: - - earliest - - latest + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time type: string - consumer_fetch_max_bytes: - description: The maximum amount of data the server should - return for a fetch request Records are fetched in batches - by the consumer, and if the first record batch in the first - non-empty partition of the fetch is larger than this value, - the record batch will still be returned to ensure that the - consumer can make progress. As such, this is not a absolute - maximum. - format: int64 - maximum: 104857600 - minimum: 1048576 - type: integer - consumer_isolation_level: - description: Consumer isolation level Transaction read isolation - level. read_uncommitted is the default, but read_committed - can be used if consume-exactly-once behavior is desired. - enum: - - read_uncommitted - - read_committed + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 type: string - consumer_max_partition_fetch_bytes: - description: The maximum amount of data per-partition the - server will return. Records are fetched in batches by the - consumer.If the first record batch in the first non-empty - partition of the fetch is larger than this limit, the batch - will still be returned to ensure that the consumer can make - progress. - format: int64 - maximum: 104857600 - minimum: 1048576 - type: integer - consumer_max_poll_interval_ms: - description: The maximum delay between polls when using consumer - group management The maximum delay in milliseconds between - invocations of poll() when using consumer group management - (defaults to 300000). - format: int64 - maximum: 2147483647 - minimum: 1 - type: integer - consumer_max_poll_records: - description: The maximum number of records returned by a single - poll The maximum number of records returned in a single - call to poll() (defaults to 500). - format: int64 - maximum: 10000 - minimum: 1 - type: integer - offset_flush_interval_ms: - description: The interval at which to try committing offsets - for tasks The interval at which to try committing offsets - for tasks (defaults to 60000). - format: int64 - maximum: 100000000 - minimum: 1 - type: integer - offset_flush_timeout_ms: - description: Offset flush timeout Maximum number of milliseconds - to wait for records to flush and partition offset data to - be committed to offset storage before cancelling the process - and restoring the offset data to be committed in a future - attempt (defaults to 5000). - format: int64 - maximum: 2147483647 - minimum: 1 - type: integer - producer_max_request_size: - description: The maximum size of a request in bytes This setting - will limit the number of record batches the producer will - send in a single request to avoid sending huge requests. - format: int64 - maximum: 10485760 - minimum: 131072 - type: integer - session_timeout_ms: - description: The timeout used to detect failures when using - Kafka’s group management facilities The timeout in milliseconds - used to detect failures when using Kafka’s group management - facilities (defaults to 10000). - format: int64 - maximum: 2147483647 - minimum: 1 - type: integer - type: object - kafka_rest: - description: Enable Kafka-REST service - type: boolean - kafka_rest_config: - description: Kafka REST configuration - properties: - consumer_enable_auto_commit: - description: consumer.enable.auto.commit If true the consumer's - offset will be periodically committed to Kafka in the background - type: boolean - consumer_request_max_bytes: - description: consumer.request.max.bytes Maximum number of - bytes in unencoded message keys and values by a single request + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 - maximum: 671088640 minimum: 0 type: integer - consumer_request_timeout_ms: - description: consumer.request.timeout.ms The maximum total - time to wait for messages for a request if the maximum number - of messages has not yet been reached - enum: - - 1000 - - 15000 - - 30000 - format: int64 - maximum: 30000 - minimum: 1000 - type: integer - custom_domain: - description: Custom domain Serve the web frontend using a - custom CNAME pointing to the Aiven DNS name - maxLength: 255 + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - producer_acks: - description: producer.acks The number of acknowledgments the - producer requires the leader to have received before considering - a request complete. If set to 'all' or '-1', the leader - will wait for the full set of in-sync replicas to acknowledge - the record. - enum: - - all - - -1 - - 0 - - 1 + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] type: string - producer_linger_ms: - description: producer.linger.ms Wait for up to the given delay - to allow batching records together - format: int64 - maximum: 5000 - minimum: 0 - type: integer - public_access: - description: Allow access to selected service ports from the - public Internet - properties: - kafka: - description: Allow clients to connect to kafka from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - kafka_connect: - description: Allow clients to connect to kafka_connect - from the public internet for service nodes that are - in a project VPC or another type of private network - type: boolean - kafka_rest: - description: Allow clients to connect to kafka_rest from - the public internet for service nodes that are in a - project VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from - the public internet for service nodes that are in a - project VPC or another type of private network - type: boolean - schema_registry: - description: Allow clients to connect to schema_registry - from the public internet for service nodes that are - in a project VPC or another type of private network - type: boolean - type: object - simpleconsumer_pool_size_max: - description: simpleconsumer.pool.size.max Maximum number of - SimpleConsumers that can be instantiated per broker - format: int64 - maximum: 250 - minimum: 10 - type: integer - type: object - kafka_version: - description: Kafka major version - type: string - private_access: - description: Allow access to selected service ports from private - networks - properties: - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - schema_registry: - description: Enable Schema-Registry service - type: boolean - schema_registry_config: - description: Schema Registry configuration - properties: - leader_eligibility: - description: leader_eligibility If true, Karapace / Schema - Registry on the service nodes can participate in leader - election. It might be needed to disable this when the schemas - topic is replicated to a secondary cluster and Karapace - / Schema Registry there must not participate in leader election. - Defaults to 'true'. - type: boolean - topic_name: - description: topic_name The durable single partition topic - that acts as the durable log for the data. This topic must - be compacted to avoid losing data due to retention policy. - Please note that changing this configuration in an existing - Schema Registry / Karapace setup leads to previous schemas - being inaccessible, data encoded with them potentially unreadable - and schema ID sequence put out of order. It's only possible - to do the switch while Schema Registry / Karapace is disabled. - Defaults to '_schemas'. - maxLength: 249 + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string + required: [lastTransitionTime, message, reason, status, type] type: object - type: object - required: - - authSecretRef - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: Service state - type: string - required: - - conditions - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + state: + description: Service state + type: string + required: [conditions, state] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: kafkaschemas.aiven.io + spec: group: aiven.io names: @@ -2075,191 +2021,185 @@ spec: singular: kafkaschema scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.subjectName - name: Subject - type: string - - jsonPath: .spec.compatibilityLevel - name: Compatibility Level - type: string - - jsonPath: .status.version - name: Version - type: number - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaSchema is the Schema for the kafkaschemas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSchemaSpec defines the desired state of KafkaSchema - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - compatibilityLevel: - description: Kafka Schemas compatibility level - enum: - - BACKWARD - - BACKWARD_TRANSITIVE - - FORWARD - - FORWARD_TRANSITIVE - - FULL - - FULL_TRANSITIVE - - NONE - type: string - project: - description: Project to link the Kafka Schema to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - schema: - description: Kafka Schema configuration should be a valid Avro Schema - JSON format - type: string - serviceName: - description: Service to link the Kafka Schema to - maxLength: 63 - type: string - subjectName: - description: Kafka Schema Subject name - maxLength: 63 - type: string - required: - - authSecretRef - - project - - schema - - serviceName - - subjectName - type: object - status: - description: KafkaSchemaStatus defines the observed state of KafkaSchema - properties: - conditions: - description: Conditions represent the latest available observations - of an KafkaSchema state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.subjectName + name: Subject + type: string + - jsonPath: .spec.compatibilityLevel + name: Compatibility Level + type: string + - jsonPath: .status.version + name: Version + type: number + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaSchema is the Schema for the kafkaschemas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSchemaSpec defines the desired state of KafkaSchema + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + name: + minLength: 1 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [key, name] type: object - type: array - version: - description: Kafka Schema configuration version - type: integer - required: - - conditions - - version - type: object - type: object - served: true - storage: true - subresources: - status: {} + compatibilityLevel: + description: Kafka Schemas compatibility level + enum: + - BACKWARD + - BACKWARD_TRANSITIVE + - FORWARD + - FORWARD_TRANSITIVE + - FULL + - FULL_TRANSITIVE + - NONE + type: string + project: + description: Project to link the Kafka Schema to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + schema: + description: Kafka Schema configuration should be a valid Avro Schema + JSON format + type: string + serviceName: + description: Service to link the Kafka Schema to + maxLength: 63 + type: string + subjectName: + description: Kafka Schema Subject name + maxLength: 63 + type: string + required: + - authSecretRef + - project + - schema + - serviceName + - subjectName + type: object + status: + description: KafkaSchemaStatus defines the observed state of KafkaSchema + properties: + conditions: + description: Conditions represent the latest available observations + of an KafkaSchema state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + version: + description: Kafka Schema configuration version + type: integer + required: [conditions, version] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: kafkatopics.aiven.io + spec: group: aiven.io names: @@ -2269,287 +2209,280 @@ spec: singular: kafkatopic scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.partitions - name: Partitions - type: string - - jsonPath: .spec.replication - name: Replication - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaTopic is the Schema for the kafkatopics API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaTopicSpec defines the desired state of KafkaTopic - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - config: - description: Kafka topic configuration - properties: - cleanup_policy: - description: cleanup.policy value - type: string - compression_type: - description: compression.type value - type: string - delete_retention_ms: - description: delete.retention.ms value - format: int64 - type: integer - file_delete_delay_ms: - description: file.delete.delay.ms value - format: int64 - type: integer - flush_messages: - description: flush.messages value - format: int64 - type: integer - flush_ms: - description: flush.ms value - format: int64 - type: integer - index_interval_bytes: - description: index.interval.bytes value - format: int64 - type: integer - max_compaction_lag_ms: - description: max.compaction.lag.ms value - format: int64 - type: integer - max_message_bytes: - description: max.message.bytes value - format: int64 - type: integer - message_downconversion_enable: - description: message.downconversion.enable value - type: boolean - message_format_version: - description: message.format.version value - type: string - message_timestamp_difference_max_ms: - description: message.timestamp.difference.max.ms value - format: int64 - type: integer - message_timestamp_type: - description: message.timestamp.type value - type: string - min_compaction_lag_ms: - description: min.compaction.lag.ms value - format: int64 - type: integer - min_insync_replicas: - description: min.insync.replicas value - format: int64 - type: integer - preallocate: - description: preallocate value - type: boolean - retention_bytes: - description: retention.bytes value - format: int64 - type: integer - retention_ms: - description: retention.ms value - format: int64 - type: integer - segment_bytes: - description: segment.bytes value - format: int64 - type: integer - segment_index_bytes: - description: segment.index.bytes value - format: int64 - type: integer - segment_jitter_ms: - description: segment.jitter.ms value - format: int64 - type: integer - segment_ms: - description: segment.ms value - format: int64 - type: integer - type: object - partitions: - description: Number of partitions to create in the topic - maximum: 1000000 - minimum: 1 - type: integer - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - replication: - description: Replication factor for the topic - minimum: 2 - type: integer - serviceName: - description: Service name. - maxLength: 63 - type: string - tags: - description: Kafka topic tags - items: + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.partitions + name: Partitions + type: string + - jsonPath: .spec.replication + name: Replication + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: key: - format: ^[a-zA-Z0-9_-]*$ - maxLength: 64 minLength: 1 type: string - value: - format: ^[a-zA-Z0-9_-]*$ - maxLength: 256 + name: + minLength: 1 type: string - required: - - key + required: [key, name] type: object - type: array - termination_protection: - description: It is a Kubernetes side deletion protections, which prevents - the kafka topic from being deleted by Kubernetes. It is recommended - to enable this for any production databases containing critical - data. - type: boolean - required: - - authSecretRef - - partitions - - project - - replication - - serviceName - type: object - status: - description: KafkaTopicStatus defines the observed state of KafkaTopic - properties: - conditions: - description: Conditions represent the latest available observations - of an KafkaTopic state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + config: + description: Kafka topic configuration properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + cleanup_policy: + description: cleanup.policy value type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + compression_type: + description: compression.type value type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + delete_retention_ms: + description: delete.retention.ms value format: int64 - minimum: 0 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + file_delete_delay_ms: + description: file.delete.delay.ms value + format: int64 + type: integer + flush_messages: + description: flush.messages value + format: int64 + type: integer + flush_ms: + description: flush.ms value + format: int64 + type: integer + index_interval_bytes: + description: index.interval.bytes value + format: int64 + type: integer + max_compaction_lag_ms: + description: max.compaction.lag.ms value + format: int64 + type: integer + max_message_bytes: + description: max.message.bytes value + format: int64 + type: integer + message_downconversion_enable: + description: message.downconversion.enable value + type: boolean + message_format_version: + description: message.format.version value type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + message_timestamp_difference_max_ms: + description: message.timestamp.difference.max.ms value + format: int64 + type: integer + message_timestamp_type: + description: message.timestamp.type value type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + min_compaction_lag_ms: + description: min.compaction.lag.ms value + format: int64 + type: integer + min_insync_replicas: + description: min.insync.replicas value + format: int64 + type: integer + preallocate: + description: preallocate value + type: boolean + retention_bytes: + description: retention.bytes value + format: int64 + type: integer + retention_ms: + description: retention.ms value + format: int64 + type: integer + segment_bytes: + description: segment.bytes value + format: int64 + type: integer + segment_index_bytes: + description: segment.index.bytes value + format: int64 + type: integer + segment_jitter_ms: + description: segment.jitter.ms value + format: int64 + type: integer + segment_ms: + description: segment.ms value + format: int64 + type: integer type: object - type: array - state: - description: State represents the state of the kafka topic - type: string - required: - - conditions - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} + partitions: + description: Number of partitions to create in the topic + maximum: 1000000 + minimum: 1 + type: integer + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + replication: + description: Replication factor for the topic + minimum: 2 + type: integer + serviceName: + description: Service name. + maxLength: 63 + type: string + tags: + description: Kafka topic tags + items: + properties: + key: + format: ^[a-zA-Z0-9_-]*$ + maxLength: 64 + minLength: 1 + type: string + value: + format: ^[a-zA-Z0-9_-]*$ + maxLength: 256 + type: string + required: [key] + type: object + type: array + termination_protection: + description: It is a Kubernetes side deletion protections, which + prevents the kafka topic from being deleted by Kubernetes. It + is recommended to enable this for any production databases containing + critical data. + type: boolean + required: + - authSecretRef + - partitions + - project + - replication + - serviceName + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + description: Conditions represent the latest available observations + of an KafkaTopic state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: State represents the state of the kafka topic + type: string + required: [conditions, state] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: projects.aiven.io + spec: group: aiven.io names: @@ -2559,231 +2492,216 @@ spec: singular: project scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Project is the Schema for the projects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProjectSpec defines the desired state of Project - properties: - accountId: - description: Account ID - maxLength: 32 - type: string - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - billingAddress: - description: Billing name and address of the project - maxLength: 1000 - type: string - billingCurrency: - description: Billing currency - enum: - - AUD - - CAD - - CHF - - DKK - - EUR - - GBP - - NOK - - SEK - - USD - type: string - billingEmails: - description: Billing contact emails of the project - items: - type: string - maxItems: 10 - type: array - billingExtraText: - description: Extra text to be included in all project invoices, e.g. - purchase order or cost center number - maxLength: 1000 - type: string - billingGroupId: - description: BillingGroup ID - maxLength: 36 - minLength: 36 - type: string - cardId: - description: Credit card ID; The ID may be either last 4 digits of - the card or the actual ID - maxLength: 64 - type: string - cloud: - description: 'Target cloud, example: aws-eu-central-1' - maxLength: 256 - type: string - connInfoSecretTarget: - description: Information regarding secret creation - properties: - name: - description: Name of the Secret resource to be created - type: string - required: - - name - type: object - copyFromProject: - description: Project name from which to copy settings to the new project - maxLength: 63 - type: string - countryCode: - description: Billing country code of the project - maxLength: 2 - minLength: 2 - type: string - tags: - additionalProperties: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Project is the Schema for the projects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProjectSpec defines the desired state of Project + properties: + accountId: + description: Account ID + maxLength: 32 type: string - description: Tags are key-value pairs that allow you to categorize - projects - type: object - technicalEmails: - description: Technical contact emails of the project - items: - type: string - maxItems: 10 - type: array - required: - - authSecretRef - type: object - status: - description: ProjectStatus defines the observed state of Project - properties: - availableCredits: - description: Available credirs - type: string - conditions: - description: Conditions represent the latest available observations - of an Project state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + name: + minLength: 1 type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + required: [key, name] + type: object + billingAddress: + description: Billing name and address of the project + maxLength: 1000 + type: string + billingCurrency: + description: Billing currency + enum: [AUD, CAD, CHF, DKK, EUR, GBP, NOK, SEK, USD] + type: string + billingEmails: + description: Billing contact emails of the project + items: + type: string + maxItems: 10 + type: array + billingExtraText: + description: Extra text to be included in all project invoices, + e.g. purchase order or cost center number + maxLength: 1000 + type: string + billingGroupId: + description: BillingGroup ID + maxLength: 36 + minLength: 36 + type: string + cardId: + description: Credit card ID; The ID may be either last 4 digits + of the card or the actual ID + maxLength: 64 + type: string + cloud: + description: 'Target cloud, example: aws-eu-central-1' + maxLength: 256 + type: string + connInfoSecretTarget: + description: Information regarding secret creation + properties: + name: + description: Name of the Secret resource to be created type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [name] + type: object + copyFromProject: + description: Project name from which to copy settings to the new + project + maxLength: 63 + type: string + countryCode: + description: Billing country code of the project + maxLength: 2 + minLength: 2 + type: string + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + projects type: object - type: array - country: - description: Country name - type: string - estimatedBalance: - description: Estimated balance - type: string - paymentMethod: - description: Payment method name - type: string - vatId: - description: EU VAT Identification Number - maxLength: 64 - type: string - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} + technicalEmails: + description: Technical contact emails of the project + items: + type: string + maxItems: 10 + type: array + required: [authSecretRef] + type: object + status: + description: ProjectStatus defines the observed state of Project + properties: + availableCredits: + description: Available credirs + type: string + conditions: + description: Conditions represent the latest available observations + of an Project state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + country: + description: Country name + type: string + estimatedBalance: + description: Estimated balance + type: string + paymentMethod: + description: Payment method name + type: string + vatId: + description: EU VAT Identification Number + maxLength: 64 + type: string + required: [conditions] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + creationTimestamp: name: projectvpcs.aiven.io + spec: group: aiven.io names: @@ -2793,164 +2711,151 @@ spec: singular: projectvpc scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Cloud - type: string - - jsonPath: .spec.networkCidr - name: Network CIDR - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ProjectVPC is the Schema for the projectvpcs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProjectVPCSpec defines the desired state of ProjectVPC - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the VPC is in - maxLength: 256 - type: string - networkCidr: - description: Network address range used by the VPC like 192.168.0.0/24 - maxLength: 36 - type: string - project: - description: The project the VPC belongs to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - required: - - authSecretRef - - cloudName - - networkCidr - - project - type: object - status: - description: ProjectVPCStatus defines the observed state of ProjectVPC - properties: - conditions: - description: Conditions represent the latest available observations - of an ProjectVPC state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Cloud + type: string + - jsonPath: .spec.networkCidr + name: Network CIDR + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ProjectVPC is the Schema for the projectvpcs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProjectVPCSpec defines the desired state of ProjectVPC + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + name: + minLength: 1 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [key, name] type: object - type: array - id: - description: Project VPC id - type: string - state: - description: State of VPC - type: string - required: - - conditions - - id - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} + cloudName: + description: Cloud the VPC is in + maxLength: 256 + type: string + networkCidr: + description: Network address range used by the VPC like 192.168.0.0/24 + maxLength: 36 + type: string + project: + description: The project the VPC belongs to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + required: [authSecretRef, cloudName, networkCidr, project] + type: object + status: + description: ProjectVPCStatus defines the observed state of ProjectVPC + properties: + conditions: + description: Conditions represent the latest available observations + of an ProjectVPC state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" \ + \ // +patchMergeKey=type // +patchStrategy=merge //\ + \ +listType=map // +listMapKey=type Conditions []metav1.Condition\ + \ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"\ + type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other\ + \ fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + id: + description: Project VPC id + type: string + state: + description: State of VPC + type: string + required: [conditions, id, state] + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: acceptedNames: - kind: "" - plural: "" + kind: '' + plural: '' conditions: [] storedVersions: [] diff --git a/config/crd/bases/aiven.io_databases.yaml b/config/crd/bases/aiven.io_databases.yaml index 8a25500c..274d3038 100644 --- a/config/crd/bases/aiven.io_databases.yaml +++ b/config/crd/bases/aiven.io_databases.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: databases.aiven.io + spec: group: aiven.io names: @@ -15,153 +17,143 @@ spec: singular: database scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Database is the Schema for the databases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DatabaseSpec defines the desired state of Database - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - lcCollate: - description: 'Default string sort order (LC_COLLATE) of the database. - Default value: en_US.UTF-8' - maxLength: 128 - type: string - lcCtype: - description: 'Default character classification (LC_CTYPE) of the database. - Default value: en_US.UTF-8' - maxLength: 128 - type: string - project: - description: Project to link the database to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - serviceName: - description: PostgreSQL service to link the database to - maxLength: 63 - type: string - terminationProtection: - description: It is a Kubernetes side deletion protections, which prevents - the database from being deleted by Kubernetes. It is recommended - to enable this for any production databases containing critical - data. - type: boolean - required: - - project - - serviceName - type: object - status: - description: DatabaseStatus defines the observed state of Database - properties: - conditions: - description: Conditions represent the latest available observations - of an Database state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + name: + minLength: 1 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [key, name] type: object - type: array - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} + lcCollate: + description: 'Default string sort order (LC_COLLATE) of the database. + Default value: en_US.UTF-8' + maxLength: 128 + type: string + lcCtype: + description: 'Default character classification (LC_CTYPE) of the + database. Default value: en_US.UTF-8' + maxLength: 128 + type: string + project: + description: Project to link the database to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + serviceName: + description: PostgreSQL service to link the database to + maxLength: 63 + type: string + terminationProtection: + description: It is a Kubernetes side deletion protections, which + prevents the database from being deleted by Kubernetes. It is + recommended to enable this for any production databases containing + critical data. + type: boolean + required: [project, serviceName] + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + conditions: + description: Conditions represent the latest available observations + of an Database state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + required: [conditions] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_grafanas.yaml b/config/crd/bases/aiven.io_grafanas.yaml index 7a9247f9..6a4d5e6e 100644 --- a/config/crd/bases/aiven.io_grafanas.yaml +++ b/config/crd/bases/aiven.io_grafanas.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: grafanas.aiven.io + spec: group: aiven.io names: @@ -15,799 +17,746 @@ spec: singular: grafana scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Region - type: string - - jsonPath: .spec.plan - name: Plan - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Grafana is the Schema for the grafanas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GrafanaSpec defines the desired state of Grafana - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, - `GRAFANA_URI`, `GRAFANA_HOSTS`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Grafana is the Schema for the grafanas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GrafanaSpec defines the desired state of Grafana + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - integrationType: - enum: - - read_replica + key: + minLength: 1 type: string - sourceServiceName: - maxLength: 64 + name: minLength: 1 type: string - required: - - integrationType - - sourceServiceName + required: [key, name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: Cassandra specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: - type: string - maxItems: 1 - type: array - alerting_enabled: - description: Enable or disable Grafana legacy alerting functionality. - This should not be enabled with unified_alerting_enabled. - type: boolean - alerting_error_or_timeout: - description: Default error or timeout setting for new alerting - rules - enum: - - alerting - - keep_state - type: string - alerting_max_annotations_to_keep: - description: Max number of alert annotations that Grafana stores. - 0 (default) keeps all alert annotations. - maximum: 1000000 - minimum: 0 - type: integer - alerting_nodata_or_nullvalues: - description: Default value for 'no data or null values' for new - alerting rules - enum: - - alerting - - no_data - - keep_state - - ok - type: string - allow_embedding: - description: Allow embedding Grafana dashboards with iframe/frame/object/embed - tags. Disabled by default to limit impact of clickjacking - type: boolean - auth_azuread: - description: Azure AD OAuth integration - properties: - allow_sign_up: - description: Automatically sign-up users on successful sign-in - type: boolean - allowed_domains: - description: Allowed domains - items: - type: string - maxItems: 50 - type: array - allowed_groups: - description: Require users to belong to one of given groups - items: - type: string - maxItems: 50 - type: array - auth_url: - description: Authorization URL - maxLength: 2048 - type: string - client_id: - description: Client ID from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - client_secret: - description: Client secret from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - token_url: - description: Token URL - maxLength: 2048 - type: string - required: - - auth_url - - client_id - - client_secret - - token_url - type: object - auth_basic_enabled: - description: Enable or disable basic authentication form, used - by Grafana built-in login - type: boolean - auth_generic_oauth: - description: Generic OAuth integration - properties: - allow_sign_up: - description: Automatically sign-up users on successful sign-in - type: boolean - allowed_domains: - description: Allowed domains - items: - type: string - maxItems: 50 - type: array - allowed_organizations: - description: Require user to be member of one of the listed - organizations - items: - type: string - maxItems: 50 - type: array - api_url: - description: API URL - maxLength: 2048 - type: string - auth_url: - description: Authorization URL - maxLength: 2048 - type: string - auto_login: - description: Allow users to bypass the login screen and automatically - log in - type: boolean - client_id: - description: Client ID from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - client_secret: - description: Client secret from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - name: - description: Name of the OAuth integration - maxLength: 128 - pattern: ^[a-zA-Z0-9_\- ]+$ - type: string - scopes: - description: OAuth scopes - items: - type: string - maxItems: 50 - type: array - token_url: - description: Token URL - maxLength: 2048 - type: string - required: - - api_url - - auth_url - - client_id - - client_secret - - token_url - type: object - auth_github: - description: Github Auth integration - properties: - allow_sign_up: - description: Automatically sign-up users on successful sign-in - type: boolean - allowed_organizations: - description: Require users to belong to one of given organizations - items: - type: string - maxItems: 50 - type: array - client_id: - description: Client ID from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - client_secret: - description: Client secret from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - team_ids: - description: Require users to belong to one of given team - IDs - items: - type: integer - maxItems: 50 - type: array - required: - - client_id - - client_secret - type: object - auth_gitlab: - description: GitLab Auth integration - properties: - allow_sign_up: - description: Automatically sign-up users on successful sign-in - type: boolean - allowed_groups: - description: Require users to belong to one of given groups - items: - type: string - maxItems: 50 - type: array - api_url: - description: API URL. This only needs to be set when using - self hosted GitLab - maxLength: 2048 - type: string - auth_url: - description: Authorization URL. This only needs to be set - when using self hosted GitLab - maxLength: 2048 - type: string - client_id: - description: Client ID from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - client_secret: - description: Client secret from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, + `GRAFANA_URI`, `GRAFANA_HOSTS`' + properties: + annotations: + additionalProperties: type: string - token_url: - description: Token URL. This only needs to be set when using - self hosted GitLab - maxLength: 2048 + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: type: string - required: - - allowed_groups - - client_id - - client_secret - type: object - auth_google: - description: Google Auth integration + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name + type: string + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. + type: string + required: [name] + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation properties: - allow_sign_up: - description: Automatically sign-up users on successful sign-in - type: boolean - allowed_domains: - description: Domains allowed to sign-in to this Grafana - items: - type: string - maxItems: 64 - type: array - client_id: - description: Client ID from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ - type: string - client_secret: - description: Client secret from provider - maxLength: 1024 - pattern: ^[\040-\176]+$ + integrationType: + enum: [read_replica] type: string - required: - - allowed_domains - - client_id - - client_secret - type: object - cookie_samesite: - description: 'Cookie SameSite attribute: ''strict'' prevents sending - cookie for cross-site requests, effectively disabling direct - linking from other sites to Grafana. ''lax'' is the default - value.' - enum: - - lax - - strict - - none - type: string - custom_domain: - description: Serve the web frontend using a custom CNAME pointing - to the Aiven DNS name - maxLength: 255 - type: string - dashboard_previews_enabled: - description: This feature is new in Grafana 9 and is quite resource - intensive. It may cause low-end plans to work more slowly while - the dashboard previews are rendering. - type: boolean - dashboards_min_refresh_interval: - description: Signed sequence of decimal numbers, followed by a - unit suffix (ms, s, m, h, d), e.g. 30s, 1h - maxLength: 16 - pattern: ^[0-9]+(ms|s|m|h|d)$ - type: string - dashboards_versions_to_keep: - description: Dashboard versions to keep per dashboard - maximum: 100 - minimum: 1 - type: integer - dataproxy_send_user_header: - description: Send 'X-Grafana-User' header to data source - type: boolean - dataproxy_timeout: - description: Timeout for data proxy requests in seconds - maximum: 90 - minimum: 15 - type: integer - date_formats: - description: Grafana date format specifications - properties: - default_timezone: - description: Default time zone for user preferences. Value - 'browser' uses browser local time zone. + sourceServiceName: maxLength: 64 - pattern: (?i)^([a-zA-Z_]+/){1,2}[a-zA-Z_-]+$|^(Etc/)?(UTC|GMT)([+-](\d){1,2})?$|^(Factory)$|^(browser)$ - type: string - full_date: - description: Moment.js style format string for cases where - full date is shown - maxLength: 128 - pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: - ]?)*)$' - type: string - interval_day: - description: Moment.js style format string used when a time - requiring day accuracy is shown - maxLength: 128 - pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: - ]?)*)$' - type: string - interval_hour: - description: Moment.js style format string used when a time - requiring hour accuracy is shown - maxLength: 128 - pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: - ]?)*)$' - type: string - interval_minute: - description: Moment.js style format string used when a time - requiring minute accuracy is shown - maxLength: 128 - pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: - ]?)*)$' - type: string - interval_month: - description: Moment.js style format string used when a time - requiring month accuracy is shown - maxLength: 128 - pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: - ]?)*)$' - type: string - interval_second: - description: Moment.js style format string used when a time - requiring second accuracy is shown - maxLength: 128 - pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: - ]?)*)$' - type: string - interval_year: - description: Moment.js style format string used when a time - requiring year accuracy is shown - maxLength: 128 - pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: - ]?)*)$' + minLength: 1 type: string + required: [integrationType, sourceServiceName] type: object - disable_gravatar: - description: Set to true to disable gravatar. Defaults to false - (gravatar is enabled) - type: boolean - editors_can_admin: - description: Editors can manage folders, teams and dashboards - created by them - type: boolean - external_image_storage: - description: External image store settings - properties: - access_key: - description: S3 access key. Requires permissions to the S3 - bucket for the s3:PutObject and s3:PutObjectAcl actions - maxLength: 4096 - pattern: ^[A-Z0-9]+$ - type: string - bucket_url: - description: Bucket URL for S3 - maxLength: 2048 - type: string - provider: - description: Provider type - enum: - - s3 - type: string - secret_key: - description: S3 secret key - maxLength: 4096 - pattern: ^[A-Za-z0-9/+=]+$ - type: string - required: - - access_key - - bucket_url - - provider - - secret_key - type: object - google_analytics_ua_id: - description: Google Analytics ID - maxLength: 64 - pattern: ^(G|UA|YT|MO)-[a-zA-Z0-9-]+$ + maxItems: 1 + type: array + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + tags: + additionalProperties: type: string - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: Cassandra specific user configuration options + properties: + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + alerting_enabled: + description: Enable or disable Grafana legacy alerting functionality. + This should not be enabled with unified_alerting_enabled. + type: boolean + alerting_error_or_timeout: + description: Default error or timeout setting for new alerting + rules + enum: [alerting, keep_state] + type: string + alerting_max_annotations_to_keep: + description: Max number of alert annotations that Grafana stores. + 0 (default) keeps all alert annotations. + maximum: 1000000 + minimum: 0 + type: integer + alerting_nodata_or_nullvalues: + description: Default value for 'no data or null values' for + new alerting rules + enum: [alerting, no_data, keep_state, ok] + type: string + allow_embedding: + description: Allow embedding Grafana dashboards with iframe/frame/object/embed + tags. Disabled by default to limit impact of clickjacking + type: boolean + auth_azuread: + description: Azure AD OAuth integration + properties: + allow_sign_up: + description: Automatically sign-up users on successful sign-in + type: boolean + allowed_domains: + description: Allowed domains + items: + type: string + maxItems: 50 + type: array + allowed_groups: + description: Require users to belong to one of given groups + items: + type: string + maxItems: 50 + type: array + auth_url: + description: Authorization URL + maxLength: 2048 + type: string + client_id: + description: Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + token_url: + description: Token URL + maxLength: 2048 + type: string + required: [auth_url, client_id, client_secret, token_url] + type: object + auth_basic_enabled: + description: Enable or disable basic authentication form, used + by Grafana built-in login + type: boolean + auth_generic_oauth: + description: Generic OAuth integration properties: - description: - description: Description for IP filter list entry + allow_sign_up: + description: Automatically sign-up users on successful sign-in + type: boolean + allowed_domains: + description: Allowed domains + items: + type: string + maxItems: 50 + type: array + allowed_organizations: + description: Require user to be member of one of the listed + organizations + items: + type: string + maxItems: 50 + type: array + api_url: + description: API URL + maxLength: 2048 + type: string + auth_url: + description: Authorization URL + maxLength: 2048 + type: string + auto_login: + description: Allow users to bypass the login screen and + automatically log in + type: boolean + client_id: + description: Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: Client secret from provider maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + name: + description: Name of the OAuth integration + maxLength: 128 + pattern: ^[a-zA-Z0-9_\- ]+$ type: string - network: - description: CIDR address block - maxLength: 43 + scopes: + description: OAuth scopes + items: + type: string + maxItems: 50 + type: array + token_url: + description: Token URL + maxLength: 2048 type: string - required: - - network + required: [api_url, auth_url, client_id, client_secret, token_url] type: object - maxItems: 1024 - type: array - metrics_enabled: - description: Enable Grafana /metrics endpoint - type: boolean - oauth_allow_insecure_email_lookup: - description: Enforce user lookup based on email instead of the - unique ID provided by the IdP - type: boolean - private_access: - description: Allow access to selected service ports from private - networks - properties: - grafana: - description: Allow clients to connect to grafana with a DNS - name that always resolves to the service's private IP addresses. - Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - grafana: - description: Enable grafana - type: boolean - type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - grafana: - description: Allow clients to connect to grafana from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - type: object - recovery_basebackup_name: - description: Name of the basebackup to restore in forked service - maxLength: 128 - pattern: ^[a-zA-Z0-9-_:.]+$ - type: string - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 64 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - smtp_server: - description: SMTP server settings - properties: - from_address: - description: Address used for sending emails - maxLength: 319 - pattern: ^[A-Za-z0-9_\-\.+\'&]+@(([\da-zA-Z])([_\w-]{,62})\.){,127}(([\da-zA-Z])[_\w-]{,61})?([\da-zA-Z]\.((xn\-\-[a-zA-Z\d]+)|([a-zA-Z\d]{2,})))$ - type: string - from_name: - description: Name used in outgoing emails, defaults to Grafana - maxLength: 128 - pattern: ^[^\x00-\x1F]+$ - type: string - host: - description: Server hostname or IP - maxLength: 255 - type: string - password: - description: Password for SMTP authentication - maxLength: 255 - pattern: ^[^\x00-\x1F]+$ - type: string - port: - description: SMTP server port - maximum: 65535 - minimum: 1 - type: integer - skip_verify: - description: Skip verifying server certificate. Defaults to - false - type: boolean - starttls_policy: - description: Either OpportunisticStartTLS, MandatoryStartTLS - or NoStartTLS. Default is OpportunisticStartTLS. - enum: - - OpportunisticStartTLS - - MandatoryStartTLS - - NoStartTLS - type: string - username: - description: Username for SMTP authentication - maxLength: 255 - pattern: ^[^\x00-\x1F]+$ - type: string - required: - - from_address - - host - - port - type: object - static_ips: - description: Use static public IP addresses - type: boolean - unified_alerting_enabled: - description: Enable or disable Grafana unified alerting functionality. - By default this is enabled and any legacy alerts will be migrated - on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled - to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ - for more details. - type: boolean - user_auto_assign_org: - description: Auto-assign new users on signup to main organization. - Defaults to false - type: boolean - user_auto_assign_org_role: - description: Set role for new signups. Defaults to Viewer - enum: - - Viewer - - Admin - - Editor - type: string - viewers_can_edit: - description: Users with view-only permission can edit but not - save dashboards - type: boolean - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + auth_github: + description: Github Auth integration + properties: + allow_sign_up: + description: Automatically sign-up users on successful sign-in + type: boolean + allowed_organizations: + description: Require users to belong to one of given organizations + items: + type: string + maxItems: 50 + type: array + client_id: + description: Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + team_ids: + description: Require users to belong to one of given team + IDs + items: + type: integer + maxItems: 50 + type: array + required: [client_id, client_secret] + type: object + auth_gitlab: + description: GitLab Auth integration + properties: + allow_sign_up: + description: Automatically sign-up users on successful sign-in + type: boolean + allowed_groups: + description: Require users to belong to one of given groups + items: + type: string + maxItems: 50 + type: array + api_url: + description: API URL. This only needs to be set when using + self hosted GitLab + maxLength: 2048 + type: string + auth_url: + description: Authorization URL. This only needs to be set + when using self hosted GitLab + maxLength: 2048 + type: string + client_id: + description: Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + token_url: + description: Token URL. This only needs to be set when using + self hosted GitLab + maxLength: 2048 + type: string + required: [allowed_groups, client_id, client_secret] + type: object + auth_google: + description: Google Auth integration + properties: + allow_sign_up: + description: Automatically sign-up users on successful sign-in + type: boolean + allowed_domains: + description: Domains allowed to sign-in to this Grafana + items: + type: string + maxItems: 64 + type: array + client_id: + description: Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + required: [allowed_domains, client_id, client_secret] + type: object + cookie_samesite: + description: "Cookie SameSite attribute: 'strict' prevents sending\ + \ cookie for cross-site requests, effectively disabling direct\ + \ linking from other sites to Grafana. 'lax' is the default\ + \ value." + enum: [lax, strict, none] type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + custom_domain: + description: Serve the web frontend using a custom CNAME pointing + to the Aiven DNS name + maxLength: 255 type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 + dashboard_previews_enabled: + description: This feature is new in Grafana 9 and is quite resource + intensive. It may cause low-end plans to work more slowly + while the dashboard previews are rendering. + type: boolean + dashboards_min_refresh_interval: + description: Signed sequence of decimal numbers, followed by + a unit suffix (ms, s, m, h, d), e.g. 30s, 1h + maxLength: 16 + pattern: ^[0-9]+(ms|s|m|h|d)$ + type: string + dashboards_versions_to_keep: + description: Dashboard versions to keep per dashboard + maximum: 100 + minimum: 1 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + dataproxy_send_user_header: + description: Send 'X-Grafana-User' header to data source + type: boolean + dataproxy_timeout: + description: Timeout for data proxy requests in seconds + maximum: 90 + minimum: 15 + type: integer + date_formats: + description: Grafana date format specifications + properties: + default_timezone: + description: Default time zone for user preferences. Value + 'browser' uses browser local time zone. + maxLength: 64 + pattern: (?i)^([a-zA-Z_]+/){1,2}[a-zA-Z_-]+$|^(Etc/)?(UTC|GMT)([+-](\d){1,2})?$|^(Factory)$|^(browser)$ + type: string + full_date: + description: Moment.js style format string for cases where + full date is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_day: + description: Moment.js style format string used when a time + requiring day accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_hour: + description: Moment.js style format string used when a time + requiring hour accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_minute: + description: Moment.js style format string used when a time + requiring minute accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_month: + description: Moment.js style format string used when a time + requiring month accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_second: + description: Moment.js style format string used when a time + requiring second accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_year: + description: Moment.js style format string used when a time + requiring year accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + type: object + disable_gravatar: + description: Set to true to disable gravatar. Defaults to false + (gravatar is enabled) + type: boolean + editors_can_admin: + description: Editors can manage folders, teams and dashboards + created by them + type: boolean + external_image_storage: + description: External image store settings + properties: + access_key: + description: S3 access key. Requires permissions to the + S3 bucket for the s3:PutObject and s3:PutObjectAcl actions + maxLength: 4096 + pattern: ^[A-Z0-9]+$ + type: string + bucket_url: + description: Bucket URL for S3 + maxLength: 2048 + type: string + provider: + description: Provider type + enum: [s3] + type: string + secret_key: + description: S3 secret key + maxLength: 4096 + pattern: ^[A-Za-z0-9/+=]+$ + type: string + required: [access_key, bucket_url, provider, secret_key] + type: object + google_analytics_ua_id: + description: Google Analytics ID + maxLength: 64 + pattern: ^(G|UA|YT|MO)-[a-zA-Z0-9-]+$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + metrics_enabled: + description: Enable Grafana /metrics endpoint + type: boolean + oauth_allow_insecure_email_lookup: + description: Enforce user lookup based on email instead of the + unique ID provided by the IdP + type: boolean + private_access: + description: Allow access to selected service ports from private + networks + properties: + grafana: + description: Allow clients to connect to grafana with a + DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + grafana: + description: Enable grafana + type: boolean + type: object + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + grafana: + description: Allow clients to connect to grafana from the + public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + recovery_basebackup_name: + description: Name of the basebackup to restore in forked service + maxLength: 128 + pattern: ^[a-zA-Z0-9-_:.]+$ + type: string + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 64 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + smtp_server: + description: SMTP server settings + properties: + from_address: + description: Address used for sending emails + maxLength: 319 + pattern: ^[A-Za-z0-9_\-\.+\'&]+@(([\da-zA-Z])([_\w-]{,62})\.){,127}(([\da-zA-Z])[_\w-]{,61})?([\da-zA-Z]\.((xn\-\-[a-zA-Z\d]+)|([a-zA-Z\d]{2,})))$ + type: string + from_name: + description: Name used in outgoing emails, defaults to Grafana + maxLength: 128 + pattern: ^[^\x00-\x1F]+$ + type: string + host: + description: Server hostname or IP + maxLength: 255 + type: string + password: + description: Password for SMTP authentication + maxLength: 255 + pattern: ^[^\x00-\x1F]+$ + type: string + port: + description: SMTP server port + maximum: 65535 + minimum: 1 + type: integer + skip_verify: + description: Skip verifying server certificate. Defaults + to false + type: boolean + starttls_policy: + description: Either OpportunisticStartTLS, MandatoryStartTLS + or NoStartTLS. Default is OpportunisticStartTLS. + enum: [OpportunisticStartTLS, MandatoryStartTLS, NoStartTLS] + type: string + username: + description: Username for SMTP authentication + maxLength: 255 + pattern: ^[^\x00-\x1F]+$ + type: string + required: [from_address, host, port] + type: object + static_ips: + description: Use static public IP addresses + type: boolean + unified_alerting_enabled: + description: Enable or disable Grafana unified alerting functionality. + By default this is enabled and any legacy alerts will be migrated + on upgrade to Grafana 9+. To stay on legacy alerting, set + unified_alerting_enabled to false and alerting_enabled to + true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ + for more details. + type: boolean + user_auto_assign_org: + description: Auto-assign new users on signup to main organization. + Defaults to false + type: boolean + user_auto_assign_org_role: + description: Set role for new signups. Defaults to Viewer + enum: [Viewer, Admin, Editor] + type: string + viewers_can_edit: + description: Users with view-only permission can edit but not + save dashboards + type: boolean type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_kafkaacls.yaml b/config/crd/bases/aiven.io_kafkaacls.yaml index 30e2e2b5..61c87255 100644 --- a/config/crd/bases/aiven.io_kafkaacls.yaml +++ b/config/crd/bases/aiven.io_kafkaacls.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: kafkaacls.aiven.io + spec: group: aiven.io names: @@ -15,167 +17,150 @@ spec: singular: kafkaacl scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.username - name: Username - type: string - - jsonPath: .spec.permission - name: Permission - type: string - - jsonPath: .spec.topic - name: Topic - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaACL is the Schema for the kafkaacls API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaACLSpec defines the desired state of KafkaACL - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - permission: - description: Kafka permission to grant (admin, read, readwrite, write) - enum: - - admin - - read - - readwrite - - write - type: string - project: - description: Project to link the Kafka ACL to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - serviceName: - description: Service to link the Kafka ACL to - maxLength: 63 - type: string - topic: - description: Topic name pattern for the ACL entry - type: string - username: - description: Username pattern for the ACL entry - type: string - required: - - permission - - project - - serviceName - - topic - - username - type: object - status: - description: KafkaACLStatus defines the observed state of KafkaACL - properties: - conditions: - description: Conditions represent the latest available observations - of an KafkaACL state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.username + name: Username + type: string + - jsonPath: .spec.permission + name: Permission + type: string + - jsonPath: .spec.topic + name: Topic + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaACL is the Schema for the kafkaacls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaACLSpec defines the desired state of KafkaACL + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + name: + minLength: 1 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [key, name] type: object - type: array - id: - description: Kafka ACL ID - type: string - required: - - conditions - - id - type: object - type: object - served: true - storage: true - subresources: - status: {} + permission: + description: Kafka permission to grant (admin, read, readwrite, + write) + enum: [admin, read, readwrite, write] + type: string + project: + description: Project to link the Kafka ACL to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + serviceName: + description: Service to link the Kafka ACL to + maxLength: 63 + type: string + topic: + description: Topic name pattern for the ACL entry + type: string + username: + description: Username pattern for the ACL entry + type: string + required: [permission, project, serviceName, topic, username] + type: object + status: + description: KafkaACLStatus defines the observed state of KafkaACL + properties: + conditions: + description: Conditions represent the latest available observations + of an KafkaACL state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + id: + description: Kafka ACL ID + type: string + required: [conditions, id] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_kafkaconnectors.yaml b/config/crd/bases/aiven.io_kafkaconnectors.yaml index d7b5b41f..d3496bea 100644 --- a/config/crd/bases/aiven.io_kafkaconnectors.yaml +++ b/config/crd/bases/aiven.io_kafkaconnectors.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: kafkaconnectors.aiven.io + spec: group: aiven.io names: @@ -15,212 +17,190 @@ spec: singular: kafkaconnector scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.connectorClass - name: Connector Class - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.tasksStatus.total - name: Tasks Total - type: integer - - jsonPath: .status.tasksStatus.running - name: Tasks Running - type: integer - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaConnector is the Schema for the kafkaconnectors API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaConnectorSpec defines the desired state of KafkaConnector - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - connectorClass: - description: The Java class of the connector. - maxLength: 1024 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - serviceName: - description: Service name. - maxLength: 63 - type: string - userConfig: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.connectorClass + name: Connector Class + type: string + - jsonPath: .status.state + name: State + type: string + - jsonPath: .status.tasksStatus.total + name: Tasks Total + type: integer + - jsonPath: .status.tasksStatus.running + name: Tasks Running + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaConnector is the Schema for the kafkaconnectors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaConnectorSpec defines the desired state of KafkaConnector + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + required: [key, name] + type: object + connectorClass: + description: The Java class of the connector. + maxLength: 1024 type: string - description: The connector specific configuration To build config - values from secret the template function `{{ fromSecret "name" "key" - }}` is provided when interpreting the keys - type: object - required: - - connectorClass - - project - - serviceName - - userConfig - type: object - status: - description: KafkaConnectorStatus defines the observed state of KafkaConnector - properties: - conditions: - description: Conditions represent the latest available observations - of an kafka connector state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + serviceName: + description: Service name. + maxLength: 63 + type: string + userConfig: + additionalProperties: + type: string + description: The connector specific configuration To build config + values from secret the template function `{{ fromSecret "name" + "key" }}` is provided when interpreting the keys + type: object + required: [connectorClass, project, serviceName, userConfig] + type: object + status: + description: KafkaConnectorStatus defines the observed state of KafkaConnector + properties: + conditions: + description: Conditions represent the latest available observations + of an kafka connector state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + pluginStatus: + description: PluginStatus contains metadata about the configured + connector plugin properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + author: type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + class: type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + docUrl: type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + title: type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + version: + type: string + required: [author, class, docUrl, title, type, version] type: object - type: array - pluginStatus: - description: PluginStatus contains metadata about the configured connector - plugin - properties: - author: - type: string - class: - type: string - docUrl: - type: string - title: - type: string - type: - type: string - version: - type: string - required: - - author - - class - - docUrl - - title - - type - - version - type: object - state: - description: Connector state - type: string - tasksStatus: - description: TasksStatus contains metadata about the running tasks - properties: - failed: - type: integer - paused: - type: integer - running: - type: integer - stackTrace: - type: string - total: - type: integer - unassigned: - type: integer - unknown: - type: integer - required: - - total - type: object - required: - - conditions - - pluginStatus - - state - - tasksStatus - type: object - type: object - served: true - storage: true - subresources: - status: {} + state: + description: Connector state + type: string + tasksStatus: + description: TasksStatus contains metadata about the running tasks + properties: + failed: + type: integer + paused: + type: integer + running: + type: integer + stackTrace: + type: string + total: + type: integer + unassigned: + type: integer + unknown: + type: integer + required: [total] + type: object + required: [conditions, pluginStatus, state, tasksStatus] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_kafkaconnects.yaml b/config/crd/bases/aiven.io_kafkaconnects.yaml index 2abf81ff..1d9fbec6 100644 --- a/config/crd/bases/aiven.io_kafkaconnects.yaml +++ b/config/crd/bases/aiven.io_kafkaconnects.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: kafkaconnects.aiven.io + spec: group: aiven.io names: @@ -15,426 +17,404 @@ spec: singular: kafkaconnect scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaConnect is the Schema for the kafkaconnects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaConnectSpec defines the desired state of KafkaConnect - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaConnect is the Schema for the kafkaconnects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaConnectSpec defines the desired state of KafkaConnect + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - integrationType: - enum: - - read_replica + key: + minLength: 1 type: string - sourceServiceName: - maxLength: 64 + name: minLength: 1 type: string - required: - - integrationType - - sourceServiceName + required: [key, name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + cloudName: + description: Cloud the service runs in. + maxLength: 256 + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: KafkaConnect specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 type: string - maxItems: 1 - type: array - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + properties: + integrationType: + enum: [read_replica] + type: string + sourceServiceName: + maxLength: 64 + minLength: 1 + type: string + required: [integrationType, sourceServiceName] + type: object + maxItems: 1 + type: array + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: KafkaConnect specific user configuration options + properties: + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + kafka_connect: + description: Kafka Connect configuration values properties: - description: - description: Description for IP filter list entry - maxLength: 1024 + connector_client_config_override_policy: + description: Defines what client configurations can be overridden + by the connector. Default is None + enum: [None, All] + type: string + consumer_auto_offset_reset: + description: What to do when there is no initial offset + in Kafka or if the current offset does not exist any more + on the server. Default is earliest + enum: [earliest, latest] type: string - network: - description: CIDR address block - maxLength: 43 + consumer_fetch_max_bytes: + description: Records are fetched in batches by the consumer, + and if the first record batch in the first non-empty partition + of the fetch is larger than this value, the record batch + will still be returned to ensure that the consumer can + make progress. As such, this is not a absolute maximum. + maximum: 104857600 + minimum: 1048576 + type: integer + consumer_isolation_level: + description: Transaction read isolation level. read_uncommitted + is the default, but read_committed can be used if consume-exactly-once + behavior is desired. + enum: [read_uncommitted, read_committed] type: string - required: - - network + consumer_max_partition_fetch_bytes: + description: Records are fetched in batches by the consumer.If + the first record batch in the first non-empty partition + of the fetch is larger than this limit, the batch will + still be returned to ensure that the consumer can make + progress. + maximum: 104857600 + minimum: 1048576 + type: integer + consumer_max_poll_interval_ms: + description: The maximum delay in milliseconds between invocations + of poll() when using consumer group management (defaults + to 300000). + maximum: 2147483647 + minimum: 1 + type: integer + consumer_max_poll_records: + description: The maximum number of records returned in a + single call to poll() (defaults to 500). + maximum: 10000 + minimum: 1 + type: integer + offset_flush_interval_ms: + description: The interval at which to try committing offsets + for tasks (defaults to 60000). + maximum: 100000000 + minimum: 1 + type: integer + offset_flush_timeout_ms: + description: Maximum number of milliseconds to wait for + records to flush and partition offset data to be committed + to offset storage before cancelling the process and restoring + the offset data to be committed in a future attempt (defaults + to 5000). + maximum: 2147483647 + minimum: 1 + type: integer + producer_batch_size: + description: This setting gives the upper bound of the batch + size to be sent. If there are fewer than this many bytes + accumulated for this partition, the producer will 'linger' + for the linger.ms time waiting for more records to show + up. A batch size of zero will disable batching entirely + (defaults to 16384). + maximum: 5242880 + minimum: 0 + type: integer + producer_buffer_memory: + description: The total bytes of memory the producer can + use to buffer records waiting to be sent to the broker + (defaults to 33554432). + maximum: 134217728 + minimum: 5242880 + type: integer + producer_compression_type: + description: Specify the default compression type for producers. + This configuration accepts the standard compression codecs + ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts + 'none' which is the default and equivalent to no compression. + enum: [gzip, snappy, lz4, zstd, none] + type: string + producer_linger_ms: + description: "This setting gives the upper bound on the\ + \ delay for batching: once there is batch.size worth of\ + \ records for a partition it will be sent immediately\ + \ regardless of this setting, however if there are fewer\ + \ than this many bytes accumulated for this partition\ + \ the producer will 'linger' for the specified time waiting\ + \ for more records to show up. Defaults to 0." + maximum: 5000 + minimum: 0 + type: integer + producer_max_request_size: + description: This setting will limit the number of record + batches the producer will send in a single request to + avoid sending huge requests. + maximum: 67108864 + minimum: 131072 + type: integer + scheduled_rebalance_max_delay_ms: + description: The maximum delay that is scheduled in order + to wait for the return of one or more departed workers + before rebalancing and reassigning their connectors and + tasks to the group. During this period the connectors + and tasks of the departed workers remain unassigned. Defaults + to 5 minutes. + maximum: 600000 + minimum: 0 + type: integer + session_timeout_ms: + description: The timeout in milliseconds used to detect + failures when using Kafka’s group management facilities + (defaults to 10000). + maximum: 2147483647 + minimum: 1 + type: integer + type: object + private_access: + description: Allow access to selected service ports from private + networks + properties: + kafka_connect: + description: Allow clients to connect to kafka_connect with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + jolokia: + description: Enable jolokia + type: boolean + kafka_connect: + description: Enable kafka_connect + type: boolean + prometheus: + description: Enable prometheus + type: boolean type: object - maxItems: 1024 - type: array - kafka_connect: - description: Kafka Connect configuration values + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + kafka_connect: + description: Allow clients to connect to kafka_connect from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + static_ips: + description: Use static public IP addresses + type: boolean + type: object + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" properties: - connector_client_config_override_policy: - description: Defines what client configurations can be overridden - by the connector. Default is None - enum: - - None - - All + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time type: string - consumer_auto_offset_reset: - description: What to do when there is no initial offset in - Kafka or if the current offset does not exist any more on - the server. Default is earliest - enum: - - earliest - - latest + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 type: string - consumer_fetch_max_bytes: - description: Records are fetched in batches by the consumer, - and if the first record batch in the first non-empty partition - of the fetch is larger than this value, the record batch - will still be returned to ensure that the consumer can make - progress. As such, this is not a absolute maximum. - maximum: 104857600 - minimum: 1048576 - type: integer - consumer_isolation_level: - description: Transaction read isolation level. read_uncommitted - is the default, but read_committed can be used if consume-exactly-once - behavior is desired. - enum: - - read_uncommitted - - read_committed - type: string - consumer_max_partition_fetch_bytes: - description: Records are fetched in batches by the consumer.If - the first record batch in the first non-empty partition - of the fetch is larger than this limit, the batch will still - be returned to ensure that the consumer can make progress. - maximum: 104857600 - minimum: 1048576 - type: integer - consumer_max_poll_interval_ms: - description: The maximum delay in milliseconds between invocations - of poll() when using consumer group management (defaults - to 300000). - maximum: 2147483647 - minimum: 1 - type: integer - consumer_max_poll_records: - description: The maximum number of records returned in a single - call to poll() (defaults to 500). - maximum: 10000 - minimum: 1 - type: integer - offset_flush_interval_ms: - description: The interval at which to try committing offsets - for tasks (defaults to 60000). - maximum: 100000000 - minimum: 1 - type: integer - offset_flush_timeout_ms: - description: Maximum number of milliseconds to wait for records - to flush and partition offset data to be committed to offset - storage before cancelling the process and restoring the - offset data to be committed in a future attempt (defaults - to 5000). - maximum: 2147483647 - minimum: 1 - type: integer - producer_batch_size: - description: This setting gives the upper bound of the batch - size to be sent. If there are fewer than this many bytes - accumulated for this partition, the producer will 'linger' - for the linger.ms time waiting for more records to show - up. A batch size of zero will disable batching entirely - (defaults to 16384). - maximum: 5242880 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 minimum: 0 type: integer - producer_buffer_memory: - description: The total bytes of memory the producer can use - to buffer records waiting to be sent to the broker (defaults - to 33554432). - maximum: 134217728 - minimum: 5242880 - type: integer - producer_compression_type: - description: Specify the default compression type for producers. - This configuration accepts the standard compression codecs - ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts - 'none' which is the default and equivalent to no compression. - enum: - - gzip - - snappy - - lz4 - - zstd - - none + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - producer_linger_ms: - description: 'This setting gives the upper bound on the delay - for batching: once there is batch.size worth of records - for a partition it will be sent immediately regardless of - this setting, however if there are fewer than this many - bytes accumulated for this partition the producer will ''linger'' - for the specified time waiting for more records to show - up. Defaults to 0.' - maximum: 5000 - minimum: 0 - type: integer - producer_max_request_size: - description: This setting will limit the number of record - batches the producer will send in a single request to avoid - sending huge requests. - maximum: 67108864 - minimum: 131072 - type: integer - scheduled_rebalance_max_delay_ms: - description: The maximum delay that is scheduled in order - to wait for the return of one or more departed workers before - rebalancing and reassigning their connectors and tasks to - the group. During this period the connectors and tasks of - the departed workers remain unassigned. Defaults to 5 minutes. - maximum: 600000 - minimum: 0 - type: integer - session_timeout_ms: - description: The timeout in milliseconds used to detect failures - when using Kafka’s group management facilities (defaults - to 10000). - maximum: 2147483647 - minimum: 1 - type: integer - type: object - private_access: - description: Allow access to selected service ports from private - networks - properties: - kafka_connect: - description: Allow clients to connect to kafka_connect with - a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - jolokia: - description: Enable jolokia - type: boolean - kafka_connect: - description: Enable kafka_connect - type: boolean - prometheus: - description: Enable prometheus - type: boolean - type: object - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - kafka_connect: - description: Allow clients to connect to kafka_connect from - the public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] type: object - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - static_ips: - description: Use static public IP addresses - type: boolean - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_kafkas.yaml b/config/crd/bases/aiven.io_kafkas.yaml index d359f376..afb263f8 100644 --- a/config/crd/bases/aiven.io_kafkas.yaml +++ b/config/crd/bases/aiven.io_kafkas.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: kafkas.aiven.io + spec: group: aiven.io names: @@ -15,966 +17,921 @@ spec: singular: kafka scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Region - type: string - - jsonPath: .spec.plan - name: Plan - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Kafka is the Schema for the kafkas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of Kafka - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, - `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, - `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, - `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`' - properties: - annotations: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of Kafka + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: + name: + minLength: 1 type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - karapace: - description: Switch the service to use Karapace for schema registry - and REST proxy - type: boolean - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + required: [key, name] + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 + type: string + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, + `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, + `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, + `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`' properties: - integrationType: - enum: - - read_replica + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - sourceServiceName: - maxLength: 64 - minLength: 1 + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. type: string - required: - - integrationType - - sourceServiceName + required: [name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + karapace: + description: Switch the service to use Karapace for schema registry + and REST proxy + type: boolean + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: Kafka specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 type: string - maxItems: 1 - type: array - aiven_kafka_topic_messages: - description: Allow access to read Kafka topic messages in the - Aiven Console and REST API. - type: boolean - custom_domain: - description: Serve the web frontend using a custom CNAME pointing - to the Aiven DNS name - maxLength: 255 + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + properties: + integrationType: + enum: [read_replica] + type: string + sourceServiceName: + maxLength: 64 + minLength: 1 + type: string + required: [integrationType, sourceServiceName] + type: object + maxItems: 1 + type: array + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + tags: + additionalProperties: type: string - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: Kafka specific user configuration options + properties: + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + aiven_kafka_topic_messages: + description: Allow access to read Kafka topic messages in the + Aiven Console and REST API. + type: boolean + custom_domain: + description: Serve the web frontend using a custom CNAME pointing + to the Aiven DNS name + maxLength: 255 + type: string + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + kafka: + description: Kafka broker configuration values properties: - description: - description: Description for IP filter list entry - maxLength: 1024 + auto_create_topics_enable: + description: Enable auto creation of topics + type: boolean + compression_type: + description: Specify the final compression type for a given + topic. This configuration accepts the standard compression + codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally + accepts 'uncompressed' which is equivalent to no compression; + and 'producer' which means retain the original compression + codec set by the producer. + enum: [gzip, snappy, lz4, zstd, uncompressed, producer] + type: string + connections_max_idle_ms: + description: 'Idle connections timeout: the server socket + processor threads close the connections that idle for + longer than this.' + maximum: 3600000 + minimum: 1000 + type: integer + default_replication_factor: + description: Replication factor for autocreated topics + maximum: 10 + minimum: 1 + type: integer + group_initial_rebalance_delay_ms: + description: The amount of time, in milliseconds, the group + coordinator will wait for more consumers to join a new + group before performing the first rebalance. A longer + delay means potentially fewer rebalances, but increases + the time until processing begins. The default value for + this is 3 seconds. During development and testing it might + be desirable to set this to 0 in order to not delay test + execution time. + maximum: 300000 + minimum: 0 + type: integer + group_max_session_timeout_ms: + description: The maximum allowed session timeout for registered + consumers. Longer timeouts give consumers more time to + process messages in between heartbeats at the cost of + a longer time to detect failures. + maximum: 1800000 + minimum: 0 + type: integer + group_min_session_timeout_ms: + description: The minimum allowed session timeout for registered + consumers. Longer timeouts give consumers more time to + process messages in between heartbeats at the cost of + a longer time to detect failures. + maximum: 60000 + minimum: 0 + type: integer + log_cleaner_delete_retention_ms: + description: How long are delete records retained? + maximum: 315569260000 + minimum: 0 + type: integer + log_cleaner_max_compaction_lag_ms: + description: The maximum amount of time message will remain + uncompacted. Only applicable for logs that are being compacted + minimum: 30000 + type: integer + log_cleaner_min_cleanable_ratio: + description: Controls log compactor frequency. Larger value + means more frequent compactions but also more space wasted + for logs. Consider setting log.cleaner.max.compaction.lag.ms + to enforce compactions sooner, instead of setting a very + high value for this option. + maximum: 0.9 + minimum: 0.2 + type: number + log_cleaner_min_compaction_lag_ms: + description: The minimum time a message will remain uncompacted + in the log. Only applicable for logs that are being compacted. + minimum: 0 + type: integer + log_cleanup_policy: + description: The default cleanup policy for segments beyond + the retention window + enum: [delete, compact, 'compact,delete'] + type: string + log_flush_interval_messages: + description: The number of messages accumulated on a log + partition before messages are flushed to disk + minimum: 1 + type: integer + log_flush_interval_ms: + description: The maximum time in ms that a message in any + topic is kept in memory before flushed to disk. If not + set, the value in log.flush.scheduler.interval.ms is used + minimum: 0 + type: integer + log_index_interval_bytes: + description: The interval with which Kafka adds an entry + to the offset index + maximum: 104857600 + minimum: 0 + type: integer + log_index_size_max_bytes: + description: The maximum size in bytes of the offset index + maximum: 104857600 + minimum: 1048576 + type: integer + log_local_retention_bytes: + description: The maximum size of local log segments that + can grow for a partition before it gets eligible for deletion. + If set to -2, the value of log.retention.bytes is used. + The effective value should always be less than or equal + to log.retention.bytes value. + minimum: -2 + type: integer + log_local_retention_ms: + description: The number of milliseconds to keep the local + log segments before it gets eligible for deletion. If + set to -2, the value of log.retention.ms is used. The + effective value should always be less than or equal to + log.retention.ms value. + minimum: -2 + type: integer + log_message_downconversion_enable: + description: This configuration controls whether down-conversion + of message formats is enabled to satisfy consume requests. + type: boolean + log_message_timestamp_difference_max_ms: + description: The maximum difference allowed between the + timestamp when a broker receives a message and the timestamp + specified in the message + minimum: 0 + type: integer + log_message_timestamp_type: + description: Define whether the timestamp in the message + is message create time or log append time. + enum: [CreateTime, LogAppendTime] type: string - network: - description: CIDR address block - maxLength: 43 + log_preallocate: + description: Should pre allocate file when create new segment? + type: boolean + log_retention_bytes: + description: The maximum size of the log before deleting + messages + minimum: -1 + type: integer + log_retention_hours: + description: The number of hours to keep a log file before + deleting it + maximum: 2147483647 + minimum: -1 + type: integer + log_retention_ms: + description: The number of milliseconds to keep a log file + before deleting it (in milliseconds), If not set, the + value in log.retention.minutes is used. If set to -1, + no time limit is applied. + minimum: -1 + type: integer + log_roll_jitter_ms: + description: The maximum jitter to subtract from logRollTimeMillis + (in milliseconds). If not set, the value in log.roll.jitter.hours + is used + minimum: 0 + type: integer + log_roll_ms: + description: The maximum time before a new log segment is + rolled out (in milliseconds). + minimum: 1 + type: integer + log_segment_bytes: + description: The maximum size of a single log file + maximum: 1073741824 + minimum: 10485760 + type: integer + log_segment_delete_delay_ms: + description: The amount of time to wait before deleting + a file from the filesystem + maximum: 3600000 + minimum: 0 + type: integer + max_connections_per_ip: + description: The maximum number of connections allowed from + each ip address (defaults to 2147483647). + maximum: 2147483647 + minimum: 256 + type: integer + max_incremental_fetch_session_cache_slots: + description: The maximum number of incremental fetch sessions + that the broker will maintain. + maximum: 10000 + minimum: 1000 + type: integer + message_max_bytes: + description: The maximum size of message that the server + can receive. + maximum: 100001200 + minimum: 0 + type: integer + min_insync_replicas: + description: When a producer sets acks to 'all' (or '-1'), + min.insync.replicas specifies the minimum number of replicas + that must acknowledge a write for the write to be considered + successful. + maximum: 7 + minimum: 1 + type: integer + num_partitions: + description: Number of partitions for autocreated topics + maximum: 1000 + minimum: 1 + type: integer + offsets_retention_minutes: + description: Log retention window in minutes for offsets + topic + maximum: 2147483647 + minimum: 1 + type: integer + producer_purgatory_purge_interval_requests: + description: The purge interval (in number of requests) + of the producer request purgatory(defaults to 1000). + maximum: 10000 + minimum: 10 + type: integer + replica_fetch_max_bytes: + description: The number of bytes of messages to attempt + to fetch for each partition (defaults to 1048576). This + is not an absolute maximum, if the first record batch + in the first non-empty partition of the fetch is larger + than this value, the record batch will still be returned + to ensure that progress can be made. + maximum: 104857600 + minimum: 1048576 + type: integer + replica_fetch_response_max_bytes: + description: Maximum bytes expected for the entire fetch + response (defaults to 10485760). Records are fetched in + batches, and if the first record batch in the first non-empty + partition of the fetch is larger than this value, the + record batch will still be returned to ensure that progress + can be made. As such, this is not an absolute maximum. + maximum: 1048576000 + minimum: 10485760 + type: integer + sasl_oauthbearer_expected_audience: + description: The (optional) comma-delimited setting for + the broker to use to verify that the JWT was issued for + one of the expected audiences. + maxLength: 128 type: string - required: - - network + sasl_oauthbearer_expected_issuer: + description: Optional setting for the broker to use to verify + that the JWT was created by the expected issuer. + maxLength: 128 + type: string + sasl_oauthbearer_jwks_endpoint_url: + description: OIDC JWKS endpoint URL. By setting this the + SASL SSL OAuth2/OIDC authentication is enabled. See also + other options for SASL OAuth2/OIDC. + maxLength: 2048 + type: string + sasl_oauthbearer_sub_claim_name: + description: Name of the scope from which to extract the + subject claim from the JWT. Defaults to sub. + maxLength: 128 + type: string + socket_request_max_bytes: + description: The maximum number of bytes in a socket request + (defaults to 104857600). + maximum: 209715200 + minimum: 10485760 + type: integer + transaction_partition_verification_enable: + description: Enable verification that checks that the partition + has been added to the transaction before writing transactional + records to the partition + type: boolean + transaction_remove_expired_transaction_cleanup_interval_ms: + description: The interval at which to remove transactions + that have expired due to transactional.id.expiration.ms + passing (defaults to 3600000 (1 hour)). + maximum: 3600000 + minimum: 600000 + type: integer + transaction_state_log_segment_bytes: + description: The transaction topic segment bytes should + be kept relatively small in order to facilitate faster + log compaction and cache loads (defaults to 104857600 + (100 mebibytes)). + maximum: 2147483647 + minimum: 1048576 + type: integer type: object - maxItems: 1024 - type: array - kafka: - description: Kafka broker configuration values - properties: - auto_create_topics_enable: - description: Enable auto creation of topics - type: boolean - compression_type: - description: Specify the final compression type for a given - topic. This configuration accepts the standard compression - codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally - accepts 'uncompressed' which is equivalent to no compression; - and 'producer' which means retain the original compression - codec set by the producer. - enum: - - gzip - - snappy - - lz4 - - zstd - - uncompressed - - producer - type: string - connections_max_idle_ms: - description: 'Idle connections timeout: the server socket - processor threads close the connections that idle for longer - than this.' - maximum: 3600000 - minimum: 1000 - type: integer - default_replication_factor: - description: Replication factor for autocreated topics - maximum: 10 - minimum: 1 - type: integer - group_initial_rebalance_delay_ms: - description: The amount of time, in milliseconds, the group - coordinator will wait for more consumers to join a new group - before performing the first rebalance. A longer delay means - potentially fewer rebalances, but increases the time until - processing begins. The default value for this is 3 seconds. - During development and testing it might be desirable to - set this to 0 in order to not delay test execution time. - maximum: 300000 - minimum: 0 - type: integer - group_max_session_timeout_ms: - description: The maximum allowed session timeout for registered - consumers. Longer timeouts give consumers more time to process - messages in between heartbeats at the cost of a longer time - to detect failures. - maximum: 1800000 - minimum: 0 - type: integer - group_min_session_timeout_ms: - description: The minimum allowed session timeout for registered - consumers. Longer timeouts give consumers more time to process - messages in between heartbeats at the cost of a longer time - to detect failures. - maximum: 60000 - minimum: 0 - type: integer - log_cleaner_delete_retention_ms: - description: How long are delete records retained? - maximum: 315569260000 - minimum: 0 - type: integer - log_cleaner_max_compaction_lag_ms: - description: The maximum amount of time message will remain - uncompacted. Only applicable for logs that are being compacted - minimum: 30000 - type: integer - log_cleaner_min_cleanable_ratio: - description: Controls log compactor frequency. Larger value - means more frequent compactions but also more space wasted - for logs. Consider setting log.cleaner.max.compaction.lag.ms - to enforce compactions sooner, instead of setting a very - high value for this option. - maximum: 0.9 - minimum: 0.2 - type: number - log_cleaner_min_compaction_lag_ms: - description: The minimum time a message will remain uncompacted - in the log. Only applicable for logs that are being compacted. - minimum: 0 - type: integer - log_cleanup_policy: - description: The default cleanup policy for segments beyond - the retention window - enum: - - delete - - compact - - compact,delete - type: string - log_flush_interval_messages: - description: The number of messages accumulated on a log partition - before messages are flushed to disk - minimum: 1 - type: integer - log_flush_interval_ms: - description: The maximum time in ms that a message in any - topic is kept in memory before flushed to disk. If not set, - the value in log.flush.scheduler.interval.ms is used - minimum: 0 - type: integer - log_index_interval_bytes: - description: The interval with which Kafka adds an entry to - the offset index - maximum: 104857600 - minimum: 0 - type: integer - log_index_size_max_bytes: - description: The maximum size in bytes of the offset index - maximum: 104857600 - minimum: 1048576 - type: integer - log_local_retention_bytes: - description: The maximum size of local log segments that can - grow for a partition before it gets eligible for deletion. - If set to -2, the value of log.retention.bytes is used. - The effective value should always be less than or equal - to log.retention.bytes value. - minimum: -2 - type: integer - log_local_retention_ms: - description: The number of milliseconds to keep the local - log segments before it gets eligible for deletion. If set - to -2, the value of log.retention.ms is used. The effective - value should always be less than or equal to log.retention.ms - value. - minimum: -2 - type: integer - log_message_downconversion_enable: - description: This configuration controls whether down-conversion - of message formats is enabled to satisfy consume requests. - type: boolean - log_message_timestamp_difference_max_ms: - description: The maximum difference allowed between the timestamp - when a broker receives a message and the timestamp specified - in the message - minimum: 0 - type: integer - log_message_timestamp_type: - description: Define whether the timestamp in the message is - message create time or log append time. - enum: - - CreateTime - - LogAppendTime - type: string - log_preallocate: - description: Should pre allocate file when create new segment? - type: boolean - log_retention_bytes: - description: The maximum size of the log before deleting messages - minimum: -1 - type: integer - log_retention_hours: - description: The number of hours to keep a log file before - deleting it - maximum: 2147483647 - minimum: -1 - type: integer - log_retention_ms: - description: The number of milliseconds to keep a log file - before deleting it (in milliseconds), If not set, the value - in log.retention.minutes is used. If set to -1, no time - limit is applied. - minimum: -1 - type: integer - log_roll_jitter_ms: - description: The maximum jitter to subtract from logRollTimeMillis - (in milliseconds). If not set, the value in log.roll.jitter.hours - is used - minimum: 0 - type: integer - log_roll_ms: - description: The maximum time before a new log segment is - rolled out (in milliseconds). - minimum: 1 - type: integer - log_segment_bytes: - description: The maximum size of a single log file - maximum: 1073741824 - minimum: 10485760 - type: integer - log_segment_delete_delay_ms: - description: The amount of time to wait before deleting a - file from the filesystem - maximum: 3600000 - minimum: 0 - type: integer - max_connections_per_ip: - description: The maximum number of connections allowed from - each ip address (defaults to 2147483647). - maximum: 2147483647 - minimum: 256 - type: integer - max_incremental_fetch_session_cache_slots: - description: The maximum number of incremental fetch sessions - that the broker will maintain. - maximum: 10000 - minimum: 1000 - type: integer - message_max_bytes: - description: The maximum size of message that the server can - receive. - maximum: 100001200 - minimum: 0 - type: integer - min_insync_replicas: - description: When a producer sets acks to 'all' (or '-1'), - min.insync.replicas specifies the minimum number of replicas - that must acknowledge a write for the write to be considered - successful. - maximum: 7 - minimum: 1 - type: integer - num_partitions: - description: Number of partitions for autocreated topics - maximum: 1000 - minimum: 1 - type: integer - offsets_retention_minutes: - description: Log retention window in minutes for offsets topic - maximum: 2147483647 - minimum: 1 - type: integer - producer_purgatory_purge_interval_requests: - description: The purge interval (in number of requests) of - the producer request purgatory(defaults to 1000). - maximum: 10000 - minimum: 10 - type: integer - replica_fetch_max_bytes: - description: The number of bytes of messages to attempt to - fetch for each partition (defaults to 1048576). This is - not an absolute maximum, if the first record batch in the - first non-empty partition of the fetch is larger than this - value, the record batch will still be returned to ensure - that progress can be made. - maximum: 104857600 - minimum: 1048576 - type: integer - replica_fetch_response_max_bytes: - description: Maximum bytes expected for the entire fetch response - (defaults to 10485760). Records are fetched in batches, - and if the first record batch in the first non-empty partition - of the fetch is larger than this value, the record batch - will still be returned to ensure that progress can be made. - As such, this is not an absolute maximum. - maximum: 1048576000 - minimum: 10485760 - type: integer - sasl_oauthbearer_expected_audience: - description: The (optional) comma-delimited setting for the - broker to use to verify that the JWT was issued for one - of the expected audiences. - maxLength: 128 - type: string - sasl_oauthbearer_expected_issuer: - description: Optional setting for the broker to use to verify - that the JWT was created by the expected issuer. - maxLength: 128 - type: string - sasl_oauthbearer_jwks_endpoint_url: - description: OIDC JWKS endpoint URL. By setting this the SASL - SSL OAuth2/OIDC authentication is enabled. See also other - options for SASL OAuth2/OIDC. - maxLength: 2048 - type: string - sasl_oauthbearer_sub_claim_name: - description: Name of the scope from which to extract the subject - claim from the JWT. Defaults to sub. - maxLength: 128 - type: string - socket_request_max_bytes: - description: The maximum number of bytes in a socket request - (defaults to 104857600). - maximum: 209715200 - minimum: 10485760 - type: integer - transaction_partition_verification_enable: - description: Enable verification that checks that the partition - has been added to the transaction before writing transactional - records to the partition - type: boolean - transaction_remove_expired_transaction_cleanup_interval_ms: - description: The interval at which to remove transactions - that have expired due to transactional.id.expiration.ms - passing (defaults to 3600000 (1 hour)). - maximum: 3600000 - minimum: 600000 - type: integer - transaction_state_log_segment_bytes: - description: The transaction topic segment bytes should be - kept relatively small in order to facilitate faster log - compaction and cache loads (defaults to 104857600 (100 mebibytes)). - maximum: 2147483647 - minimum: 1048576 - type: integer - type: object - kafka_authentication_methods: - description: Kafka authentication methods - properties: - certificate: - description: Enable certificate/SSL authentication - type: boolean - sasl: - description: Enable SASL authentication - type: boolean - type: object - kafka_connect: - description: Enable Kafka Connect service - type: boolean - kafka_connect_config: - description: Kafka Connect configuration values + kafka_authentication_methods: + description: Kafka authentication methods + properties: + certificate: + description: Enable certificate/SSL authentication + type: boolean + sasl: + description: Enable SASL authentication + type: boolean + type: object + kafka_connect: + description: Enable Kafka Connect service + type: boolean + kafka_connect_config: + description: Kafka Connect configuration values + properties: + connector_client_config_override_policy: + description: Defines what client configurations can be overridden + by the connector. Default is None + enum: [None, All] + type: string + consumer_auto_offset_reset: + description: What to do when there is no initial offset + in Kafka or if the current offset does not exist any more + on the server. Default is earliest + enum: [earliest, latest] + type: string + consumer_fetch_max_bytes: + description: Records are fetched in batches by the consumer, + and if the first record batch in the first non-empty partition + of the fetch is larger than this value, the record batch + will still be returned to ensure that the consumer can + make progress. As such, this is not a absolute maximum. + maximum: 104857600 + minimum: 1048576 + type: integer + consumer_isolation_level: + description: Transaction read isolation level. read_uncommitted + is the default, but read_committed can be used if consume-exactly-once + behavior is desired. + enum: [read_uncommitted, read_committed] + type: string + consumer_max_partition_fetch_bytes: + description: Records are fetched in batches by the consumer.If + the first record batch in the first non-empty partition + of the fetch is larger than this limit, the batch will + still be returned to ensure that the consumer can make + progress. + maximum: 104857600 + minimum: 1048576 + type: integer + consumer_max_poll_interval_ms: + description: The maximum delay in milliseconds between invocations + of poll() when using consumer group management (defaults + to 300000). + maximum: 2147483647 + minimum: 1 + type: integer + consumer_max_poll_records: + description: The maximum number of records returned in a + single call to poll() (defaults to 500). + maximum: 10000 + minimum: 1 + type: integer + offset_flush_interval_ms: + description: The interval at which to try committing offsets + for tasks (defaults to 60000). + maximum: 100000000 + minimum: 1 + type: integer + offset_flush_timeout_ms: + description: Maximum number of milliseconds to wait for + records to flush and partition offset data to be committed + to offset storage before cancelling the process and restoring + the offset data to be committed in a future attempt (defaults + to 5000). + maximum: 2147483647 + minimum: 1 + type: integer + producer_batch_size: + description: This setting gives the upper bound of the batch + size to be sent. If there are fewer than this many bytes + accumulated for this partition, the producer will 'linger' + for the linger.ms time waiting for more records to show + up. A batch size of zero will disable batching entirely + (defaults to 16384). + maximum: 5242880 + minimum: 0 + type: integer + producer_buffer_memory: + description: The total bytes of memory the producer can + use to buffer records waiting to be sent to the broker + (defaults to 33554432). + maximum: 134217728 + minimum: 5242880 + type: integer + producer_compression_type: + description: Specify the default compression type for producers. + This configuration accepts the standard compression codecs + ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts + 'none' which is the default and equivalent to no compression. + enum: [gzip, snappy, lz4, zstd, none] + type: string + producer_linger_ms: + description: "This setting gives the upper bound on the\ + \ delay for batching: once there is batch.size worth of\ + \ records for a partition it will be sent immediately\ + \ regardless of this setting, however if there are fewer\ + \ than this many bytes accumulated for this partition\ + \ the producer will 'linger' for the specified time waiting\ + \ for more records to show up. Defaults to 0." + maximum: 5000 + minimum: 0 + type: integer + producer_max_request_size: + description: This setting will limit the number of record + batches the producer will send in a single request to + avoid sending huge requests. + maximum: 67108864 + minimum: 131072 + type: integer + scheduled_rebalance_max_delay_ms: + description: The maximum delay that is scheduled in order + to wait for the return of one or more departed workers + before rebalancing and reassigning their connectors and + tasks to the group. During this period the connectors + and tasks of the departed workers remain unassigned. Defaults + to 5 minutes. + maximum: 600000 + minimum: 0 + type: integer + session_timeout_ms: + description: The timeout in milliseconds used to detect + failures when using Kafka’s group management facilities + (defaults to 10000). + maximum: 2147483647 + minimum: 1 + type: integer + type: object + kafka_rest: + description: Enable Kafka-REST service + type: boolean + kafka_rest_authorization: + description: Enable authorization in Kafka-REST service + type: boolean + kafka_rest_config: + description: Kafka REST configuration + properties: + consumer_enable_auto_commit: + description: If true the consumer's offset will be periodically + committed to Kafka in the background + type: boolean + consumer_request_max_bytes: + description: Maximum number of bytes in unencoded message + keys and values by a single request + maximum: 671088640 + minimum: 0 + type: integer + consumer_request_timeout_ms: + description: The maximum total time to wait for messages + for a request if the maximum number of messages has not + yet been reached + enum: [1000, 15000, 30000] + maximum: 30000 + minimum: 1000 + type: integer + name_strategy_validation: + description: If true, validate that given schema is registered + under expected subject name by the used name strategy + when producing messages. + type: boolean + producer_acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. If set to 'all' or '-1', the leader + will wait for the full set of in-sync replicas to acknowledge + the record. + enum: [all, '-1', '0', '1'] + type: string + producer_compression_type: + description: Specify the default compression type for producers. + This configuration accepts the standard compression codecs + ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts + 'none' which is the default and equivalent to no compression. + enum: [gzip, snappy, lz4, zstd, none] + type: string + producer_linger_ms: + description: Wait for up to the given delay to allow batching + records together + maximum: 5000 + minimum: 0 + type: integer + producer_max_request_size: + description: The maximum size of a request in bytes. Note + that Kafka broker can also cap the record batch size. + maximum: 2147483647 + minimum: 0 + type: integer + simpleconsumer_pool_size_max: + description: Maximum number of SimpleConsumers that can + be instantiated per broker + maximum: 250 + minimum: 10 + type: integer + type: object + kafka_version: + description: Kafka major version + enum: ['3.3', '3.1', '3.4', '3.5', '3.6'] + type: string + private_access: + description: Allow access to selected service ports from private + networks + properties: + kafka: + description: Allow clients to connect to kafka with a DNS + name that always resolves to the service's private IP + addresses. Only available in certain network locations + type: boolean + kafka_connect: + description: Allow clients to connect to kafka_connect with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + kafka_rest: + description: Allow clients to connect to kafka_rest with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + schema_registry: + description: Allow clients to connect to schema_registry + with a DNS name that always resolves to the service's + private IP addresses. Only available in certain network + locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + jolokia: + description: Enable jolokia + type: boolean + kafka: + description: Enable kafka + type: boolean + kafka_connect: + description: Enable kafka_connect + type: boolean + kafka_rest: + description: Enable kafka_rest + type: boolean + prometheus: + description: Enable prometheus + type: boolean + schema_registry: + description: Enable schema_registry + type: boolean + type: object + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + kafka: + description: Allow clients to connect to kafka from the + public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + kafka_connect: + description: Allow clients to connect to kafka_connect from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + kafka_rest: + description: Allow clients to connect to kafka_rest from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + schema_registry: + description: Allow clients to connect to schema_registry + from the public internet for service nodes that are in + a project VPC or another type of private network + type: boolean + type: object + schema_registry: + description: Enable Schema-Registry service + type: boolean + schema_registry_config: + description: Schema Registry configuration + properties: + leader_eligibility: + description: If true, Karapace / Schema Registry on the + service nodes can participate in leader election. It might + be needed to disable this when the schemas topic is replicated + to a secondary cluster and Karapace / Schema Registry + there must not participate in leader election. Defaults + to `true`. + type: boolean + topic_name: + description: The durable single partition topic that acts + as the durable log for the data. This topic must be compacted + to avoid losing data due to retention policy. Please note + that changing this configuration in an existing Schema + Registry / Karapace setup leads to previous schemas being + inaccessible, data encoded with them potentially unreadable + and schema ID sequence put out of order. It's only possible + to do the switch while Schema Registry / Karapace is disabled. + Defaults to `_schemas`. + maxLength: 249 + minLength: 1 + type: string + type: object + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + static_ips: + description: Use static public IP addresses + type: boolean + tiered_storage: + description: Tiered storage configuration + properties: + enabled: + description: Whether to enable the tiered storage functionality + type: boolean + local_cache: + description: Deprecated. Local cache configuration + properties: + size: + description: Deprecated. Local cache size in bytes + maximum: 107374182400 + minimum: 1 + type: integer + type: object + type: object + type: object + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" properties: - connector_client_config_override_policy: - description: Defines what client configurations can be overridden - by the connector. Default is None - enum: - - None - - All + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time type: string - consumer_auto_offset_reset: - description: What to do when there is no initial offset in - Kafka or if the current offset does not exist any more on - the server. Default is earliest - enum: - - earliest - - latest + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 type: string - consumer_fetch_max_bytes: - description: Records are fetched in batches by the consumer, - and if the first record batch in the first non-empty partition - of the fetch is larger than this value, the record batch - will still be returned to ensure that the consumer can make - progress. As such, this is not a absolute maximum. - maximum: 104857600 - minimum: 1048576 - type: integer - consumer_isolation_level: - description: Transaction read isolation level. read_uncommitted - is the default, but read_committed can be used if consume-exactly-once - behavior is desired. - enum: - - read_uncommitted - - read_committed - type: string - consumer_max_partition_fetch_bytes: - description: Records are fetched in batches by the consumer.If - the first record batch in the first non-empty partition - of the fetch is larger than this limit, the batch will still - be returned to ensure that the consumer can make progress. - maximum: 104857600 - minimum: 1048576 - type: integer - consumer_max_poll_interval_ms: - description: The maximum delay in milliseconds between invocations - of poll() when using consumer group management (defaults - to 300000). - maximum: 2147483647 - minimum: 1 - type: integer - consumer_max_poll_records: - description: The maximum number of records returned in a single - call to poll() (defaults to 500). - maximum: 10000 - minimum: 1 - type: integer - offset_flush_interval_ms: - description: The interval at which to try committing offsets - for tasks (defaults to 60000). - maximum: 100000000 - minimum: 1 - type: integer - offset_flush_timeout_ms: - description: Maximum number of milliseconds to wait for records - to flush and partition offset data to be committed to offset - storage before cancelling the process and restoring the - offset data to be committed in a future attempt (defaults - to 5000). - maximum: 2147483647 - minimum: 1 - type: integer - producer_batch_size: - description: This setting gives the upper bound of the batch - size to be sent. If there are fewer than this many bytes - accumulated for this partition, the producer will 'linger' - for the linger.ms time waiting for more records to show - up. A batch size of zero will disable batching entirely - (defaults to 16384). - maximum: 5242880 - minimum: 0 - type: integer - producer_buffer_memory: - description: The total bytes of memory the producer can use - to buffer records waiting to be sent to the broker (defaults - to 33554432). - maximum: 134217728 - minimum: 5242880 - type: integer - producer_compression_type: - description: Specify the default compression type for producers. - This configuration accepts the standard compression codecs - ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts - 'none' which is the default and equivalent to no compression. - enum: - - gzip - - snappy - - lz4 - - zstd - - none - type: string - producer_linger_ms: - description: 'This setting gives the upper bound on the delay - for batching: once there is batch.size worth of records - for a partition it will be sent immediately regardless of - this setting, however if there are fewer than this many - bytes accumulated for this partition the producer will ''linger'' - for the specified time waiting for more records to show - up. Defaults to 0.' - maximum: 5000 - minimum: 0 - type: integer - producer_max_request_size: - description: This setting will limit the number of record - batches the producer will send in a single request to avoid - sending huge requests. - maximum: 67108864 - minimum: 131072 - type: integer - scheduled_rebalance_max_delay_ms: - description: The maximum delay that is scheduled in order - to wait for the return of one or more departed workers before - rebalancing and reassigning their connectors and tasks to - the group. During this period the connectors and tasks of - the departed workers remain unassigned. Defaults to 5 minutes. - maximum: 600000 - minimum: 0 - type: integer - session_timeout_ms: - description: The timeout in milliseconds used to detect failures - when using Kafka’s group management facilities (defaults - to 10000). - maximum: 2147483647 - minimum: 1 - type: integer - type: object - kafka_rest: - description: Enable Kafka-REST service - type: boolean - kafka_rest_authorization: - description: Enable authorization in Kafka-REST service - type: boolean - kafka_rest_config: - description: Kafka REST configuration - properties: - consumer_enable_auto_commit: - description: If true the consumer's offset will be periodically - committed to Kafka in the background - type: boolean - consumer_request_max_bytes: - description: Maximum number of bytes in unencoded message - keys and values by a single request - maximum: 671088640 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 minimum: 0 type: integer - consumer_request_timeout_ms: - description: The maximum total time to wait for messages for - a request if the maximum number of messages has not yet - been reached - enum: - - 1000 - - 15000 - - 30000 - maximum: 30000 - minimum: 1000 - type: integer - name_strategy_validation: - description: If true, validate that given schema is registered - under expected subject name by the used name strategy when - producing messages. - type: boolean - producer_acks: - description: The number of acknowledgments the producer requires - the leader to have received before considering a request - complete. If set to 'all' or '-1', the leader will wait - for the full set of in-sync replicas to acknowledge the - record. - enum: - - all - - "-1" - - "0" - - "1" + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - producer_compression_type: - description: Specify the default compression type for producers. - This configuration accepts the standard compression codecs - ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts - 'none' which is the default and equivalent to no compression. - enum: - - gzip - - snappy - - lz4 - - zstd - - none + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] type: string - producer_linger_ms: - description: Wait for up to the given delay to allow batching - records together - maximum: 5000 - minimum: 0 - type: integer - producer_max_request_size: - description: The maximum size of a request in bytes. Note - that Kafka broker can also cap the record batch size. - maximum: 2147483647 - minimum: 0 - type: integer - simpleconsumer_pool_size_max: - description: Maximum number of SimpleConsumers that can be - instantiated per broker - maximum: 250 - minimum: 10 - type: integer - type: object - kafka_version: - description: Kafka major version - enum: - - "3.3" - - "3.1" - - "3.4" - - "3.5" - - "3.6" - type: string - private_access: - description: Allow access to selected service ports from private - networks - properties: - kafka: - description: Allow clients to connect to kafka with a DNS - name that always resolves to the service's private IP addresses. - Only available in certain network locations - type: boolean - kafka_connect: - description: Allow clients to connect to kafka_connect with - a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - kafka_rest: - description: Allow clients to connect to kafka_rest with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - schema_registry: - description: Allow clients to connect to schema_registry with - a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - jolokia: - description: Enable jolokia - type: boolean - kafka: - description: Enable kafka - type: boolean - kafka_connect: - description: Enable kafka_connect - type: boolean - kafka_rest: - description: Enable kafka_rest - type: boolean - prometheus: - description: Enable prometheus - type: boolean - schema_registry: - description: Enable schema_registry - type: boolean - type: object - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - kafka: - description: Allow clients to connect to kafka from the public - internet for service nodes that are in a project VPC or - another type of private network - type: boolean - kafka_connect: - description: Allow clients to connect to kafka_connect from - the public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - kafka_rest: - description: Allow clients to connect to kafka_rest from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - schema_registry: - description: Allow clients to connect to schema_registry from - the public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - type: object - schema_registry: - description: Enable Schema-Registry service - type: boolean - schema_registry_config: - description: Schema Registry configuration - properties: - leader_eligibility: - description: If true, Karapace / Schema Registry on the service - nodes can participate in leader election. It might be needed - to disable this when the schemas topic is replicated to - a secondary cluster and Karapace / Schema Registry there - must not participate in leader election. Defaults to `true`. - type: boolean - topic_name: - description: The durable single partition topic that acts - as the durable log for the data. This topic must be compacted - to avoid losing data due to retention policy. Please note - that changing this configuration in an existing Schema Registry - / Karapace setup leads to previous schemas being inaccessible, - data encoded with them potentially unreadable and schema - ID sequence put out of order. It's only possible to do the - switch while Schema Registry / Karapace is disabled. Defaults - to `_schemas`. - maxLength: 249 - minLength: 1 + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string + required: [lastTransitionTime, message, reason, status, type] type: object - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - static_ips: - description: Use static public IP addresses - type: boolean - tiered_storage: - description: Tiered storage configuration - properties: - enabled: - description: Whether to enable the tiered storage functionality - type: boolean - local_cache: - description: Deprecated. Local cache configuration - properties: - size: - description: Deprecated. Local cache size in bytes - maximum: 107374182400 - minimum: 1 - type: integer - type: object - type: object - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_kafkaschemas.yaml b/config/crd/bases/aiven.io_kafkaschemas.yaml index e96a87bc..c8eb2f16 100644 --- a/config/crd/bases/aiven.io_kafkaschemas.yaml +++ b/config/crd/bases/aiven.io_kafkaschemas.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: kafkaschemas.aiven.io + spec: group: aiven.io names: @@ -15,171 +17,158 @@ spec: singular: kafkaschema scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.subjectName - name: Subject - type: string - - jsonPath: .spec.compatibilityLevel - name: Compatibility Level - type: string - - jsonPath: .status.version - name: Version - type: number - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaSchema is the Schema for the kafkaschemas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSchemaSpec defines the desired state of KafkaSchema - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - compatibilityLevel: - description: Kafka Schemas compatibility level - enum: - - BACKWARD - - BACKWARD_TRANSITIVE - - FORWARD - - FORWARD_TRANSITIVE - - FULL - - FULL_TRANSITIVE - - NONE - type: string - project: - description: Project to link the Kafka Schema to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - schema: - description: Kafka Schema configuration should be a valid Avro Schema - JSON format - type: string - serviceName: - description: Service to link the Kafka Schema to - maxLength: 63 - type: string - subjectName: - description: Kafka Schema Subject name - maxLength: 63 - type: string - required: - - project - - schema - - serviceName - - subjectName - type: object - status: - description: KafkaSchemaStatus defines the observed state of KafkaSchema - properties: - conditions: - description: Conditions represent the latest available observations - of an KafkaSchema state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.subjectName + name: Subject + type: string + - jsonPath: .spec.compatibilityLevel + name: Compatibility Level + type: string + - jsonPath: .status.version + name: Version + type: number + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaSchema is the Schema for the kafkaschemas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSchemaSpec defines the desired state of KafkaSchema + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + name: + minLength: 1 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [key, name] type: object - type: array - version: - description: Kafka Schema configuration version - type: integer - required: - - conditions - - version - type: object - type: object - served: true - storage: true - subresources: - status: {} + compatibilityLevel: + description: Kafka Schemas compatibility level + enum: + - BACKWARD + - BACKWARD_TRANSITIVE + - FORWARD + - FORWARD_TRANSITIVE + - FULL + - FULL_TRANSITIVE + - NONE + type: string + project: + description: Project to link the Kafka Schema to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + schema: + description: Kafka Schema configuration should be a valid Avro Schema + JSON format + type: string + serviceName: + description: Service to link the Kafka Schema to + maxLength: 63 + type: string + subjectName: + description: Kafka Schema Subject name + maxLength: 63 + type: string + required: [project, schema, serviceName, subjectName] + type: object + status: + description: KafkaSchemaStatus defines the observed state of KafkaSchema + properties: + conditions: + description: Conditions represent the latest available observations + of an KafkaSchema state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + version: + description: Kafka Schema configuration version + type: integer + required: [conditions, version] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_kafkatopics.yaml b/config/crd/bases/aiven.io_kafkatopics.yaml index b48be5eb..15e4ce20 100644 --- a/config/crd/bases/aiven.io_kafkatopics.yaml +++ b/config/crd/bases/aiven.io_kafkatopics.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: kafkatopics.aiven.io + spec: group: aiven.io names: @@ -15,280 +17,266 @@ spec: singular: kafkatopic scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.partitions - name: Partitions - type: string - - jsonPath: .spec.replication - name: Replication - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: KafkaTopic is the Schema for the kafkatopics API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaTopicSpec defines the desired state of KafkaTopic - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - config: - description: Kafka topic configuration - properties: - cleanup_policy: - description: cleanup.policy value - type: string - compression_type: - description: compression.type value - type: string - delete_retention_ms: - description: delete.retention.ms value - format: int64 - type: integer - file_delete_delay_ms: - description: file.delete.delay.ms value - format: int64 - type: integer - flush_messages: - description: flush.messages value - format: int64 - type: integer - flush_ms: - description: flush.ms value - format: int64 - type: integer - index_interval_bytes: - description: index.interval.bytes value - format: int64 - type: integer - max_compaction_lag_ms: - description: max.compaction.lag.ms value - format: int64 - type: integer - max_message_bytes: - description: max.message.bytes value - format: int64 - type: integer - message_downconversion_enable: - description: message.downconversion.enable value - type: boolean - message_format_version: - description: message.format.version value - type: string - message_timestamp_difference_max_ms: - description: message.timestamp.difference.max.ms value - format: int64 - type: integer - message_timestamp_type: - description: message.timestamp.type value - type: string - min_cleanable_dirty_ratio: - description: min.cleanable.dirty.ratio value - type: number - min_compaction_lag_ms: - description: min.compaction.lag.ms value - format: int64 - type: integer - min_insync_replicas: - description: min.insync.replicas value - format: int64 - type: integer - preallocate: - description: preallocate value - type: boolean - retention_bytes: - description: retention.bytes value - format: int64 - type: integer - retention_ms: - description: retention.ms value - format: int64 - type: integer - segment_bytes: - description: segment.bytes value - format: int64 - type: integer - segment_index_bytes: - description: segment.index.bytes value - format: int64 - type: integer - segment_jitter_ms: - description: segment.jitter.ms value - format: int64 - type: integer - segment_ms: - description: segment.ms value - format: int64 - type: integer - type: object - partitions: - description: Number of partitions to create in the topic - maximum: 1000000 - minimum: 1 - type: integer - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - replication: - description: Replication factor for the topic - minimum: 2 - type: integer - serviceName: - description: Service name. - maxLength: 63 - type: string - tags: - description: Kafka topic tags - items: + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.partitions + name: Partitions + type: string + - jsonPath: .spec.replication + name: Replication + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: key: - format: ^[a-zA-Z0-9_-]*$ - maxLength: 64 minLength: 1 type: string - value: - format: ^[a-zA-Z0-9_-]*$ - maxLength: 256 + name: + minLength: 1 type: string - required: - - key + required: [key, name] type: object - type: array - termination_protection: - description: It is a Kubernetes side deletion protections, which prevents - the kafka topic from being deleted by Kubernetes. It is recommended - to enable this for any production databases containing critical - data. - type: boolean - topicName: - description: Topic name. If provided, is used instead of metadata.name. - This field supports additional characters, has a longer length, - and will replace metadata.name in future releases - maxLength: 249 - minLength: 1 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - required: - - partitions - - project - - replication - - serviceName - type: object - status: - description: KafkaTopicStatus defines the observed state of KafkaTopic - properties: - conditions: - description: Conditions represent the latest available observations - of an KafkaTopic state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + config: + description: Kafka topic configuration properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + cleanup_policy: + description: cleanup.policy value type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + compression_type: + description: compression.type value type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + delete_retention_ms: + description: delete.retention.ms value format: int64 - minimum: 0 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + file_delete_delay_ms: + description: file.delete.delay.ms value + format: int64 + type: integer + flush_messages: + description: flush.messages value + format: int64 + type: integer + flush_ms: + description: flush.ms value + format: int64 + type: integer + index_interval_bytes: + description: index.interval.bytes value + format: int64 + type: integer + max_compaction_lag_ms: + description: max.compaction.lag.ms value + format: int64 + type: integer + max_message_bytes: + description: max.message.bytes value + format: int64 + type: integer + message_downconversion_enable: + description: message.downconversion.enable value + type: boolean + message_format_version: + description: message.format.version value type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + message_timestamp_difference_max_ms: + description: message.timestamp.difference.max.ms value + format: int64 + type: integer + message_timestamp_type: + description: message.timestamp.type value type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + min_cleanable_dirty_ratio: + description: min.cleanable.dirty.ratio value + type: number + min_compaction_lag_ms: + description: min.compaction.lag.ms value + format: int64 + type: integer + min_insync_replicas: + description: min.insync.replicas value + format: int64 + type: integer + preallocate: + description: preallocate value + type: boolean + retention_bytes: + description: retention.bytes value + format: int64 + type: integer + retention_ms: + description: retention.ms value + format: int64 + type: integer + segment_bytes: + description: segment.bytes value + format: int64 + type: integer + segment_index_bytes: + description: segment.index.bytes value + format: int64 + type: integer + segment_jitter_ms: + description: segment.jitter.ms value + format: int64 + type: integer + segment_ms: + description: segment.ms value + format: int64 + type: integer type: object - type: array - state: - description: State represents the state of the kafka topic - type: string - required: - - conditions - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} + partitions: + description: Number of partitions to create in the topic + maximum: 1000000 + minimum: 1 + type: integer + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + replication: + description: Replication factor for the topic + minimum: 2 + type: integer + serviceName: + description: Service name. + maxLength: 63 + type: string + tags: + description: Kafka topic tags + items: + properties: + key: + format: ^[a-zA-Z0-9_-]*$ + maxLength: 64 + minLength: 1 + type: string + value: + format: ^[a-zA-Z0-9_-]*$ + maxLength: 256 + type: string + required: [key] + type: object + type: array + termination_protection: + description: It is a Kubernetes side deletion protections, which + prevents the kafka topic from being deleted by Kubernetes. It + is recommended to enable this for any production databases containing + critical data. + type: boolean + topicName: + description: Topic name. If provided, is used instead of metadata.name. + This field supports additional characters, has a longer length, + and will replace metadata.name in future releases + maxLength: 249 + minLength: 1 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + required: [partitions, project, replication, serviceName] + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + description: Conditions represent the latest available observations + of an KafkaTopic state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: State represents the state of the kafka topic + type: string + required: [conditions, state] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_mysqls.yaml b/config/crd/bases/aiven.io_mysqls.yaml index 635c30b8..3970d47a 100644 --- a/config/crd/bases/aiven.io_mysqls.yaml +++ b/config/crd/bases/aiven.io_mysqls.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: mysqls.aiven.io + spec: group: aiven.io names: @@ -15,658 +17,645 @@ spec: singular: mysql scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Region - type: string - - jsonPath: .spec.plan - name: Plan - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: MySQL is the Schema for the mysqls API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MySQLSpec defines the desired state of MySQL - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, - `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: MySQL is the Schema for the mysqls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MySQLSpec defines the desired state of MySQL + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - integrationType: - enum: - - read_replica + key: + minLength: 1 type: string - sourceServiceName: - maxLength: 64 + name: minLength: 1 type: string - required: - - integrationType - - sourceServiceName + required: [key, name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: MySQL specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, + `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`' + properties: + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - maxItems: 1 - type: array - admin_password: - description: Custom password for admin user. Defaults to random - string. This must be set only when a new service is being created. - maxLength: 256 - minLength: 8 - pattern: ^[a-zA-Z0-9-_]+$ - type: string - x-kubernetes-validations: + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. + type: string + required: [name] + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - admin_username: - description: Custom username for admin user. This must be set - only when a new service is being created. - maxLength: 64 - pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ - type: string - x-kubernetes-validations: + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + properties: + integrationType: + enum: [read_replica] + type: string + sourceServiceName: + maxLength: 64 + minLength: 1 + type: string + required: [integrationType, sourceServiceName] + type: object + maxItems: 1 + type: array + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - backup_hour: - description: The hour of day (in UTC) when backup for the service - is started. New backup is only started if previous backup has - already completed. - maximum: 23 - minimum: 0 - type: integer - backup_minute: - description: The minute of an hour when backup for the service - is started. New backup is only started if previous backup has - already completed. - maximum: 59 - minimum: 0 - type: integer - binlog_retention_period: - description: The minimum amount of time in seconds to keep binlog - entries before deletion. This may be extended for services that - require binlog entries for longer than the default for example - if using the MySQL Debezium Kafka connector. - maximum: 86400 - minimum: 600 - type: integer - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: MySQL specific user configuration options + properties: + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + admin_password: + description: Custom password for admin user. Defaults to random + string. This must be set only when a new service is being + created. + maxLength: 256 + minLength: 8 + pattern: ^[a-zA-Z0-9-_]+$ + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + admin_username: + description: Custom username for admin user. This must be set + only when a new service is being created. + maxLength: 64 + pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + backup_hour: + description: The hour of day (in UTC) when backup for the service + is started. New backup is only started if previous backup + has already completed. + maximum: 23 + minimum: 0 + type: integer + backup_minute: + description: The minute of an hour when backup for the service + is started. New backup is only started if previous backup + has already completed. + maximum: 59 + minimum: 0 + type: integer + binlog_retention_period: + description: The minimum amount of time in seconds to keep binlog + entries before deletion. This may be extended for services + that require binlog entries for longer than the default for + example if using the MySQL Debezium Kafka connector. + maximum: 86400 + minimum: 600 + type: integer + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + migration: + description: Migrate data from existing server properties: - description: - description: Description for IP filter list entry + dbname: + description: Database name for bootstrapping the initial + connection + maxLength: 63 + type: string + host: + description: Hostname or IP address of the server where + to migrate data from + maxLength: 255 + type: string + ignore_dbs: + description: Comma-separated list of databases, which should + be ignored during migration (supported by MySQL and PostgreSQL + only at the moment) + maxLength: 2048 + type: string + method: + description: The migration method to be used (currently + supported only by Redis, Dragonfly, MySQL and PostgreSQL + service types) + enum: [dump, replication] + type: string + password: + description: Password for authentication with the server + where to migrate data from + maxLength: 256 + type: string + port: + description: Port number of the server where to migrate + data from + maximum: 65535 + minimum: 1 + type: integer + ssl: + description: The server where to migrate data from is secured + with SSL + type: boolean + username: + description: User name for authentication with the server + where to migrate data from + maxLength: 256 + type: string + required: [host, port] + type: object + mysql: + description: mysql.conf configuration values + properties: + connect_timeout: + description: The number of seconds that the mysqld server + waits for a connect packet before responding with Bad + handshake + maximum: 3600 + minimum: 2 + type: integer + default_time_zone: + description: Default server time zone as an offset from + UTC (from -12:00 to +12:00), a time zone name, or 'SYSTEM' + to use the MySQL server default. + maxLength: 100 + minLength: 2 + type: string + group_concat_max_len: + description: The maximum permitted result length in bytes + for the GROUP_CONCAT() function. + minimum: 4 + type: integer + information_schema_stats_expiry: + description: The time, in seconds, before cached statistics + expire + maximum: 31536000 + minimum: 900 + type: integer + innodb_change_buffer_max_size: + description: Maximum size for the InnoDB change buffer, + as a percentage of the total size of the buffer pool. + Default is 25 + maximum: 50 + minimum: 0 + type: integer + innodb_flush_neighbors: + description: 'Specifies whether flushing a page from the + InnoDB buffer pool also flushes other dirty pages in the + same extent (default is 1): 0 - dirty pages in the same + extent are not flushed, 1 - flush contiguous dirty pages + in the same extent, 2 - flush dirty pages in the same + extent' + maximum: 2 + minimum: 0 + type: integer + innodb_ft_min_token_size: + description: Minimum length of words that are stored in + an InnoDB FULLTEXT index. Changing this parameter will + lead to a restart of the MySQL service. + maximum: 16 + minimum: 0 + type: integer + innodb_ft_server_stopword_table: + description: This option is used to specify your own InnoDB + FULLTEXT index stopword list for all InnoDB tables. maxLength: 1024 + pattern: ^.+/.+$ type: string - network: - description: CIDR address block - maxLength: 43 + innodb_lock_wait_timeout: + description: The length of time in seconds an InnoDB transaction + waits for a row lock before giving up. Default is 120. + maximum: 3600 + minimum: 1 + type: integer + innodb_log_buffer_size: + description: The size in bytes of the buffer that InnoDB + uses to write to the log files on disk. + maximum: 4294967295 + minimum: 1048576 + type: integer + innodb_online_alter_log_max_size: + description: The upper limit in bytes on the size of the + temporary log files used during online DDL operations + for InnoDB tables. + maximum: 1099511627776 + minimum: 65536 + type: integer + innodb_print_all_deadlocks: + description: When enabled, information about all deadlocks + in InnoDB user transactions is recorded in the error log. + Disabled by default. + type: boolean + innodb_read_io_threads: + description: The number of I/O threads for read operations + in InnoDB. Default is 4. Changing this parameter will + lead to a restart of the MySQL service. + maximum: 64 + minimum: 1 + type: integer + innodb_rollback_on_timeout: + description: When enabled a transaction timeout causes InnoDB + to abort and roll back the entire transaction. Changing + this parameter will lead to a restart of the MySQL service. + type: boolean + innodb_thread_concurrency: + description: Defines the maximum number of threads permitted + inside of InnoDB. Default is 0 (infinite concurrency - + false limit) + maximum: 1000 + minimum: 0 + type: integer + innodb_write_io_threads: + description: The number of I/O threads for write operations + in InnoDB. Default is 4. Changing this parameter will + lead to a restart of the MySQL service. + maximum: 64 + minimum: 1 + type: integer + interactive_timeout: + description: The number of seconds the server waits for + activity on an interactive connection before closing it. + maximum: 604800 + minimum: 30 + type: integer + internal_tmp_mem_storage_engine: + description: The storage engine for in-memory internal temporary + tables. + enum: [TempTable, MEMORY] + type: string + long_query_time: + description: The slow_query_logs work as SQL statements + that take more than long_query_time seconds to execute. + Default is 10s + maximum: 3600 + minimum: 0 + type: number + max_allowed_packet: + description: Size of the largest message in bytes that can + be received by the server. Default is 67108864 (64M) + maximum: 1073741824 + minimum: 102400 + type: integer + max_heap_table_size: + description: Limits the size of internal in-memory tables. + Also set tmp_table_size. Default is 16777216 (16M) + maximum: 1073741824 + minimum: 1048576 + type: integer + net_buffer_length: + description: Start sizes of connection buffer and result + buffer. Default is 16384 (16K). Changing this parameter + will lead to a restart of the MySQL service. + maximum: 1048576 + minimum: 1024 + type: integer + net_read_timeout: + description: The number of seconds to wait for more data + from a connection before aborting the read. + maximum: 3600 + minimum: 1 + type: integer + net_write_timeout: + description: The number of seconds to wait for a block to + be written to a connection before aborting the write. + maximum: 3600 + minimum: 1 + type: integer + slow_query_log: + description: Slow query log enables capturing of slow queries. + Setting slow_query_log to false also truncates the mysql.slow_log + table. Default is off + type: boolean + sort_buffer_size: + description: Sort buffer size in bytes for ORDER BY optimization. + Default is 262144 (256K) + maximum: 1073741824 + minimum: 32768 + type: integer + sql_mode: + description: Global SQL mode. Set to empty to use MySQL + server defaults. When creating a new service and not setting + this field Aiven default SQL mode (strict, SQL standard + compliant) will be assigned. + maxLength: 1024 + pattern: ^[A-Z_]*(,[A-Z_]+)*$ type: string - required: - - network + sql_require_primary_key: + description: Require primary key to be defined for new tables + or old tables modified with ALTER TABLE and fail if missing. + It is recommended to always have primary keys because + various functionality may break if any large table is + missing them. + type: boolean + tmp_table_size: + description: Limits the size of internal in-memory tables. + Also set max_heap_table_size. Default is 16777216 (16M) + maximum: 1073741824 + minimum: 1048576 + type: integer + wait_timeout: + description: The number of seconds the server waits for + activity on a noninteractive connection before closing + it. + maximum: 2147483 + minimum: 1 + type: integer + type: object + mysql_version: + description: MySQL major version + enum: ['8'] + type: string + private_access: + description: Allow access to selected service ports from private + networks + properties: + mysql: + description: Allow clients to connect to mysql with a DNS + name that always resolves to the service's private IP + addresses. Only available in certain network locations + type: boolean + mysqlx: + description: Allow clients to connect to mysqlx with a DNS + name that always resolves to the service's private IP + addresses. Only available in certain network locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + mysql: + description: Enable mysql + type: boolean + mysqlx: + description: Enable mysqlx + type: boolean + prometheus: + description: Enable prometheus + type: boolean type: object - maxItems: 1024 - type: array - migration: - description: Migrate data from existing server + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + mysql: + description: Allow clients to connect to mysql from the + public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + mysqlx: + description: Allow clients to connect to mysqlx from the + public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + recovery_target_time: + description: Recovery target time when forking a service. This + has effect only when a new service is being created. + maxLength: 32 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 64 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + static_ips: + description: Use static public IP addresses + type: boolean + type: object + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" properties: - dbname: - description: Database name for bootstrapping the initial connection - maxLength: 63 - type: string - host: - description: Hostname or IP address of the server where to - migrate data from - maxLength: 255 + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time type: string - ignore_dbs: - description: Comma-separated list of databases, which should - be ignored during migration (supported by MySQL and PostgreSQL - only at the moment) - maxLength: 2048 - type: string - method: - description: The migration method to be used (currently supported - only by Redis, Dragonfly, MySQL and PostgreSQL service types) - enum: - - dump - - replication - type: string - password: - description: Password for authentication with the server where - to migrate data from - maxLength: 256 - type: string - port: - description: Port number of the server where to migrate data - from - maximum: 65535 - minimum: 1 - type: integer - ssl: - description: The server where to migrate data from is secured - with SSL - type: boolean - username: - description: User name for authentication with the server - where to migrate data from - maxLength: 256 - type: string - required: - - host - - port - type: object - mysql: - description: mysql.conf configuration values - properties: - connect_timeout: - description: The number of seconds that the mysqld server - waits for a connect packet before responding with Bad handshake - maximum: 3600 - minimum: 2 - type: integer - default_time_zone: - description: Default server time zone as an offset from UTC - (from -12:00 to +12:00), a time zone name, or 'SYSTEM' to - use the MySQL server default. - maxLength: 100 - minLength: 2 + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 type: string - group_concat_max_len: - description: The maximum permitted result length in bytes - for the GROUP_CONCAT() function. - minimum: 4 - type: integer - information_schema_stats_expiry: - description: The time, in seconds, before cached statistics - expire - maximum: 31536000 - minimum: 900 - type: integer - innodb_change_buffer_max_size: - description: Maximum size for the InnoDB change buffer, as - a percentage of the total size of the buffer pool. Default - is 25 - maximum: 50 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 minimum: 0 type: integer - innodb_flush_neighbors: - description: 'Specifies whether flushing a page from the InnoDB - buffer pool also flushes other dirty pages in the same extent - (default is 1): 0 - dirty pages in the same extent are not - flushed, 1 - flush contiguous dirty pages in the same extent, 2 - - flush dirty pages in the same extent' - maximum: 2 - minimum: 0 - type: integer - innodb_ft_min_token_size: - description: Minimum length of words that are stored in an - InnoDB FULLTEXT index. Changing this parameter will lead - to a restart of the MySQL service. - maximum: 16 - minimum: 0 - type: integer - innodb_ft_server_stopword_table: - description: This option is used to specify your own InnoDB - FULLTEXT index stopword list for all InnoDB tables. + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 - pattern: ^.+/.+$ + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - innodb_lock_wait_timeout: - description: The length of time in seconds an InnoDB transaction - waits for a row lock before giving up. Default is 120. - maximum: 3600 - minimum: 1 - type: integer - innodb_log_buffer_size: - description: The size in bytes of the buffer that InnoDB uses - to write to the log files on disk. - maximum: 4294967295 - minimum: 1048576 - type: integer - innodb_online_alter_log_max_size: - description: The upper limit in bytes on the size of the temporary - log files used during online DDL operations for InnoDB tables. - maximum: 1099511627776 - minimum: 65536 - type: integer - innodb_print_all_deadlocks: - description: When enabled, information about all deadlocks - in InnoDB user transactions is recorded in the error log. - Disabled by default. - type: boolean - innodb_read_io_threads: - description: The number of I/O threads for read operations - in InnoDB. Default is 4. Changing this parameter will lead - to a restart of the MySQL service. - maximum: 64 - minimum: 1 - type: integer - innodb_rollback_on_timeout: - description: When enabled a transaction timeout causes InnoDB - to abort and roll back the entire transaction. Changing - this parameter will lead to a restart of the MySQL service. - type: boolean - innodb_thread_concurrency: - description: Defines the maximum number of threads permitted - inside of InnoDB. Default is 0 (infinite concurrency - no - limit) - maximum: 1000 - minimum: 0 - type: integer - innodb_write_io_threads: - description: The number of I/O threads for write operations - in InnoDB. Default is 4. Changing this parameter will lead - to a restart of the MySQL service. - maximum: 64 - minimum: 1 - type: integer - interactive_timeout: - description: The number of seconds the server waits for activity - on an interactive connection before closing it. - maximum: 604800 - minimum: 30 - type: integer - internal_tmp_mem_storage_engine: - description: The storage engine for in-memory internal temporary - tables. - enum: - - TempTable - - MEMORY + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] type: string - long_query_time: - description: The slow_query_logs work as SQL statements that - take more than long_query_time seconds to execute. Default - is 10s - maximum: 3600 - minimum: 0 - type: number - max_allowed_packet: - description: Size of the largest message in bytes that can - be received by the server. Default is 67108864 (64M) - maximum: 1073741824 - minimum: 102400 - type: integer - max_heap_table_size: - description: Limits the size of internal in-memory tables. - Also set tmp_table_size. Default is 16777216 (16M) - maximum: 1073741824 - minimum: 1048576 - type: integer - net_buffer_length: - description: Start sizes of connection buffer and result buffer. - Default is 16384 (16K). Changing this parameter will lead - to a restart of the MySQL service. - maximum: 1048576 - minimum: 1024 - type: integer - net_read_timeout: - description: The number of seconds to wait for more data from - a connection before aborting the read. - maximum: 3600 - minimum: 1 - type: integer - net_write_timeout: - description: The number of seconds to wait for a block to - be written to a connection before aborting the write. - maximum: 3600 - minimum: 1 - type: integer - slow_query_log: - description: Slow query log enables capturing of slow queries. - Setting slow_query_log to false also truncates the mysql.slow_log - table. Default is off - type: boolean - sort_buffer_size: - description: Sort buffer size in bytes for ORDER BY optimization. - Default is 262144 (256K) - maximum: 1073741824 - minimum: 32768 - type: integer - sql_mode: - description: Global SQL mode. Set to empty to use MySQL server - defaults. When creating a new service and not setting this - field Aiven default SQL mode (strict, SQL standard compliant) - will be assigned. - maxLength: 1024 - pattern: ^[A-Z_]*(,[A-Z_]+)*$ + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string - sql_require_primary_key: - description: Require primary key to be defined for new tables - or old tables modified with ALTER TABLE and fail if missing. - It is recommended to always have primary keys because various - functionality may break if any large table is missing them. - type: boolean - tmp_table_size: - description: Limits the size of internal in-memory tables. - Also set max_heap_table_size. Default is 16777216 (16M) - maximum: 1073741824 - minimum: 1048576 - type: integer - wait_timeout: - description: The number of seconds the server waits for activity - on a noninteractive connection before closing it. - maximum: 2147483 - minimum: 1 - type: integer - type: object - mysql_version: - description: MySQL major version - enum: - - "8" - type: string - private_access: - description: Allow access to selected service ports from private - networks - properties: - mysql: - description: Allow clients to connect to mysql with a DNS - name that always resolves to the service's private IP addresses. - Only available in certain network locations - type: boolean - mysqlx: - description: Allow clients to connect to mysqlx with a DNS - name that always resolves to the service's private IP addresses. - Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - mysql: - description: Enable mysql - type: boolean - mysqlx: - description: Enable mysqlx - type: boolean - prometheus: - description: Enable prometheus - type: boolean - type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - mysql: - description: Allow clients to connect to mysql from the public - internet for service nodes that are in a project VPC or - another type of private network - type: boolean - mysqlx: - description: Allow clients to connect to mysqlx from the public - internet for service nodes that are in a project VPC or - another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean + required: [lastTransitionTime, message, reason, status, type] type: object - recovery_target_time: - description: Recovery target time when forking a service. This - has effect only when a new service is being created. - maxLength: 32 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 64 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - static_ips: - description: Use static public IP addresses - type: boolean - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_opensearches.yaml b/config/crd/bases/aiven.io_opensearches.yaml index 84218dae..c214a6b3 100644 --- a/config/crd/bases/aiven.io_opensearches.yaml +++ b/config/crd/bases/aiven.io_opensearches.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: opensearches.aiven.io + spec: group: aiven.io names: @@ -15,945 +17,921 @@ spec: singular: opensearch scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: OpenSearch is the Schema for the opensearches API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OpenSearchSpec defines the desired state of OpenSearch - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`' - properties: - annotations: - additionalProperties: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OpenSearch is the Schema for the opensearches API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OpenSearchSpec defines the desired state of OpenSearch + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: + name: + minLength: 1 type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + required: [key, name] + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 + type: string + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`' properties: - integrationType: - enum: - - read_replica + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - sourceServiceName: - maxLength: 64 - minLength: 1 + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. type: string - required: - - integrationType - - sourceServiceName + required: [name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: OpenSearch specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 type: string - maxItems: 1 - type: array - custom_domain: - description: Serve the web frontend using a custom CNAME pointing - to the Aiven DNS name - maxLength: 255 + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + properties: + integrationType: + enum: [read_replica] + type: string + sourceServiceName: + maxLength: 64 + minLength: 1 + type: string + required: [integrationType, sourceServiceName] + type: object + maxItems: 1 + type: array + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + tags: + additionalProperties: type: string - disable_replication_factor_adjustment: - description: 'DEPRECATED: Disable automatic replication factor - adjustment for multi-node services. By default, Aiven ensures - all indexes are replicated at least to two nodes. Note: Due - to potential data loss in case of losing a service node, this - setting can no longer be activated.' - type: boolean - index_patterns: - description: Index patterns - items: - description: 'Allows you to create glob style patterns and set - a max number of indexes matching this pattern you want to - keep. Creating indexes exceeding this value will cause the - oldest one to get deleted. You could for example create a - pattern looking like ''logs.?'' and then create index logs.1, - logs.2 etc, it will delete logs.1 once you create logs.6. - Do note ''logs.?'' does not apply to logs.10. Note: Setting - max_index_count to 0 will do nothing and the pattern gets - ignored.' + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: OpenSearch specific user configuration options + properties: + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + custom_domain: + description: Serve the web frontend using a custom CNAME pointing + to the Aiven DNS name + maxLength: 255 + type: string + disable_replication_factor_adjustment: + description: 'DEPRECATED: Disable automatic replication factor + adjustment for multi-node services. By default, Aiven ensures + all indexes are replicated at least to two nodes. Note: Due + to potential data loss in case of losing a service node, this + setting can no longer be activated.' + type: boolean + index_patterns: + description: Index patterns + items: + description: "Allows you to create glob style patterns and\ + \ set a max number of indexes matching this pattern you\ + \ want to keep. Creating indexes exceeding this value will\ + \ cause the oldest one to get deleted. You could for example\ + \ create a pattern looking like 'logs.?' and then create\ + \ index logs.1, logs.2 etc, it will delete logs.1 once you\ + \ create logs.6. Do note 'logs.?' does not apply to logs.10.\ + \ Note: Setting max_index_count to 0 will do nothing and\ + \ the pattern gets ignored." + properties: + max_index_count: + description: Maximum number of indexes to keep + minimum: 0 + type: integer + pattern: + description: fnmatch pattern + maxLength: 1024 + pattern: ^[A-Za-z0-9-_.*?]+$ + type: string + sorting_algorithm: + description: Deletion sorting algorithm + enum: [alphabetical, creation_date] + type: string + required: [max_index_count, pattern] + type: object + maxItems: 512 + type: array + index_template: + description: Template settings for all new indexes properties: - max_index_count: - description: Maximum number of indexes to keep + mapping_nested_objects_limit: + description: The maximum number of nested JSON objects that + a single document can contain across all nested types. + This limit helps to prevent out of memory errors when + a document contains too many nested objects. Default is + 10000. + maximum: 100000 + minimum: 0 + type: integer + number_of_replicas: + description: The number of replicas each primary shard has. + maximum: 29 minimum: 0 type: integer - pattern: - description: fnmatch pattern + number_of_shards: + description: The number of primary shards that an index + should have. + maximum: 1024 + minimum: 1 + type: integer + type: object + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + keep_index_refresh_interval: + description: Aiven automation resets index.refresh_interval + to default value for every index to be sure that indices are + always visible to search. If it doesn't fit your case, you + can disable this by setting up this flag to true. + type: boolean + max_index_count: + description: 'DEPRECATED: use index_patterns instead' + minimum: 0 + type: integer + openid: + description: OpenSearch OpenID Connect Configuration + properties: + client_id: + description: The ID of the OpenID Connect client configured + in your IdP. Required. maxLength: 1024 - pattern: ^[A-Za-z0-9-_.*?]+$ + minLength: 1 type: string - sorting_algorithm: - description: Deletion sorting algorithm - enum: - - alphabetical - - creation_date + client_secret: + description: The client secret of the OpenID Connect client + configured in your IdP. Required. + maxLength: 1024 + minLength: 1 + type: string + connect_url: + description: The URL of your IdP where the Security plugin + can find the OpenID Connect metadata/configuration settings. + maxLength: 2048 + type: string + enabled: + description: Enables or disables OpenID Connect authentication + for OpenSearch. When enabled, users can authenticate using + OpenID Connect with an Identity Provider. + type: boolean + header: + description: HTTP header name of the JWT token. Optional. + Default is Authorization. + maxLength: 1024 + minLength: 1 type: string - required: - - max_index_count - - pattern + jwt_header: + description: 'The HTTP header that stores the token. Typically + the Authorization header with the Bearer schema: Authorization: + Bearer . Optional. Default is Authorization.' + maxLength: 1024 + minLength: 1 + type: string + jwt_url_parameter: + description: If the token is not transmitted in the HTTP + header, but as an URL parameter, define the name of the + parameter here. Optional. + maxLength: 1024 + minLength: 1 + type: string + refresh_rate_limit_count: + description: The maximum number of unknown key IDs in the + time frame. Default is 10. Optional. + minimum: 10 + type: integer + refresh_rate_limit_time_window_ms: + description: The time frame to use when checking the maximum + number of unknown key IDs, in milliseconds. Optional.Default + is 10000 (10 seconds). + minimum: 10000 + type: integer + roles_key: + description: The key in the JSON payload that stores the + user’s roles. The value of this key must be a comma-separated + list of roles. Required only if you want to use roles + in the JWT + maxLength: 1024 + minLength: 1 + type: string + scope: + description: The scope of the identity token issued by the + IdP. Optional. Default is openid profile email address + phone. + maxLength: 1024 + minLength: 1 + type: string + subject_key: + description: The key in the JSON payload that stores the + user’s name. If not defined, the subject registered claim + is used. Most IdP providers use the preferred_username + claim. Optional. + maxLength: 1024 + minLength: 1 + type: string + required: [client_id, client_secret, connect_url] type: object - maxItems: 512 - type: array - index_template: - description: Template settings for all new indexes - properties: - mapping_nested_objects_limit: - description: The maximum number of nested JSON objects that - a single document can contain across all nested types. This - limit helps to prevent out of memory errors when a document - contains too many nested objects. Default is 10000. - maximum: 100000 - minimum: 0 - type: integer - number_of_replicas: - description: The number of replicas each primary shard has. - maximum: 29 - minimum: 0 - type: integer - number_of_shards: - description: The number of primary shards that an index should - have. - maximum: 1024 - minimum: 1 - type: integer - type: object - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field + opensearch: + description: OpenSearch settings properties: - description: - description: Description for IP filter list entry + action_auto_create_index_enabled: + description: Explicitly allow or block automatic creation + of indices. Defaults to true + type: boolean + action_destructive_requires_name: + description: Require explicit index names when deleting + type: boolean + auth_failure_listeners: + description: Opensearch Security Plugin Settings + properties: + internal_authentication_backend_limiting: + properties: + allowed_tries: + description: The number of login attempts allowed + before login is blocked + maximum: 2147483647 + minimum: 0 + type: integer + authentication_backend: + description: internal_authentication_backend_limiting.authentication_backend + enum: [internal] + maxLength: 1024 + type: string + block_expiry_seconds: + description: The duration of time that login remains + blocked after a failed login + maximum: 2147483647 + minimum: 0 + type: integer + max_blocked_clients: + description: internal_authentication_backend_limiting.max_blocked_clients + maximum: 2147483647 + minimum: 0 + type: integer + max_tracked_clients: + description: The maximum number of tracked IP addresses + that have failed login + maximum: 2147483647 + minimum: 0 + type: integer + time_window_seconds: + description: The window of time in which the value + for `allowed_tries` is enforced + maximum: 2147483647 + minimum: 0 + type: integer + type: + description: internal_authentication_backend_limiting.type + enum: [username] + maxLength: 1024 + type: string + type: object + ip_rate_limiting: + description: IP address rate limiting settings + properties: + allowed_tries: + description: The number of login attempts allowed + before login is blocked + maximum: 2147483647 + minimum: 1 + type: integer + block_expiry_seconds: + description: The duration of time that login remains + blocked after a failed login + maximum: 36000 + minimum: 1 + type: integer + max_blocked_clients: + description: The maximum number of blocked IP addresses + maximum: 2147483647 + minimum: 0 + type: integer + max_tracked_clients: + description: The maximum number of tracked IP addresses + that have failed login + maximum: 2147483647 + minimum: 0 + type: integer + time_window_seconds: + description: The window of time in which the value + for `allowed_tries` is enforced + maximum: 36000 + minimum: 1 + type: integer + type: + description: The type of rate limiting + enum: [ip] + maxLength: 1024 + type: string + type: object + type: object + cluster_max_shards_per_node: + description: Controls the number of shards allowed in the + cluster per data node + maximum: 10000 + minimum: 100 + type: integer + cluster_routing_allocation_node_concurrent_recoveries: + description: How many concurrent incoming/outgoing shard + recoveries (normally replicas) are allowed to happen on + a node. Defaults to 2. + maximum: 16 + minimum: 2 + type: integer + email_sender_name: + description: Sender name placeholder to be used in Opensearch + Dashboards and Opensearch keystore + maxLength: 40 + pattern: ^[a-zA-Z0-9-_]+$ + type: string + email_sender_password: + description: Sender password for Opensearch alerts to authenticate + with SMTP server maxLength: 1024 + pattern: ^[^\x00-\x1F]+$ + type: string + email_sender_username: + description: Sender username for Opensearch alerts + maxLength: 320 + pattern: ^[^\x00-\x1F]+$ type: string - network: - description: CIDR address block - maxLength: 43 + enable_security_audit: + description: Enable/Disable security audit + type: boolean + http_max_content_length: + description: Maximum content length for HTTP requests to + the OpenSearch HTTP API, in bytes. + maximum: 2147483647 + minimum: 1 + type: integer + http_max_header_size: + description: The max size of allowed headers, in bytes + maximum: 262144 + minimum: 1024 + type: integer + http_max_initial_line_length: + description: The max length of an HTTP URL, in bytes + maximum: 65536 + minimum: 1024 + type: integer + indices_fielddata_cache_size: + description: Relative amount. Maximum amount of heap memory + used for field data cache. This is an expert setting; + decreasing the value too much will increase overhead of + loading field data; too much memory used for field data + cache will decrease amount of heap available for other + operations. + maximum: 100 + minimum: 3 + type: integer + indices_memory_index_buffer_size: + description: Percentage value. Default is 10%. Total amount + of heap used for indexing buffer, before writing segments + to disk. This is an expert setting. Too low value will + slow down indexing; too high value will increase indexing + performance but causes performance issues for query performance. + maximum: 40 + minimum: 3 + type: integer + indices_memory_max_index_buffer_size: + description: Absolute value. Default is unbound. Doesn't + work without indices.memory.index_buffer_size. Maximum + amount of heap used for query cache, an absolute indices.memory.index_buffer_size + maximum hard limit. + maximum: 2048 + minimum: 3 + type: integer + indices_memory_min_index_buffer_size: + description: Absolute value. Default is 48mb. Doesn't work + without indices.memory.index_buffer_size. Minimum amount + of heap used for query cache, an absolute indices.memory.index_buffer_size + minimal hard limit. + maximum: 2048 + minimum: 3 + type: integer + indices_queries_cache_size: + description: Percentage value. Default is 10%. Maximum amount + of heap used for query cache. This is an expert setting. + Too low value will decrease query performance and increase + performance for other operations; too high value will + cause issues with other OpenSearch functionality. + maximum: 40 + minimum: 3 + type: integer + indices_query_bool_max_clause_count: + description: Maximum number of clauses Lucene BooleanQuery + can have. The default value (1024) is relatively high, + and increasing it may cause performance issues. Investigate + other approaches first before increasing this value. + maximum: 4096 + minimum: 64 + type: integer + indices_recovery_max_bytes_per_sec: + description: Limits total inbound and outbound recovery + traffic for each node. Applies to both peer recoveries + as well as snapshot recoveries (i.e., restores from a + snapshot). Defaults to 40mb + maximum: 400 + minimum: 40 + type: integer + indices_recovery_max_concurrent_file_chunks: + description: Number of file chunks sent in parallel for + each recovery. Defaults to 2. + maximum: 5 + minimum: 2 + type: integer + ism_enabled: + description: Specifies whether ISM is enabled or not + type: boolean + ism_history_enabled: + description: Specifies whether audit history is enabled + or not. The logs from ISM are automatically indexed to + a logs document. + type: boolean + ism_history_max_age: + description: The maximum age before rolling over the audit + history index in hours + maximum: 2147483647 + minimum: 1 + type: integer + ism_history_max_docs: + description: The maximum number of documents before rolling + over the audit history index. + minimum: 1 + type: integer + ism_history_rollover_check_period: + description: The time between rollover checks for the audit + history index in hours. + maximum: 2147483647 + minimum: 1 + type: integer + ism_history_rollover_retention_period: + description: How long audit history indices are kept in + days. + maximum: 2147483647 + minimum: 1 + type: integer + override_main_response_version: + description: Compatibility mode sets OpenSearch to report + its version as 7.10 so clients continue to work. Default + is false + type: boolean + reindex_remote_whitelist: + description: Whitelisted addresses for reindexing. Changing + this value will cause all OpenSearch instances to restart. + items: + type: string + maxItems: 32 + type: array + script_max_compilations_rate: + description: Script compilation circuit breaker limits the + number of inline script compilations within a period of + time. Default is use-context + maxLength: 1024 type: string - required: - - network + search_max_buckets: + description: Maximum number of aggregation buckets allowed + in a single response. OpenSearch default value is used + when this is not defined. + maximum: 1000000 + minimum: 1 + type: integer + thread_pool_analyze_queue_size: + description: Size for the thread pool queue. See documentation + for exact details. + maximum: 2000 + minimum: 10 + type: integer + thread_pool_analyze_size: + description: Size for the thread pool. See documentation + for exact details. Do note this may have maximum value + depending on CPU count - value is automatically lowered + if set to higher than maximum value. + maximum: 128 + minimum: 1 + type: integer + thread_pool_force_merge_size: + description: Size for the thread pool. See documentation + for exact details. Do note this may have maximum value + depending on CPU count - value is automatically lowered + if set to higher than maximum value. + maximum: 128 + minimum: 1 + type: integer + thread_pool_get_queue_size: + description: Size for the thread pool queue. See documentation + for exact details. + maximum: 2000 + minimum: 10 + type: integer + thread_pool_get_size: + description: Size for the thread pool. See documentation + for exact details. Do note this may have maximum value + depending on CPU count - value is automatically lowered + if set to higher than maximum value. + maximum: 128 + minimum: 1 + type: integer + thread_pool_search_queue_size: + description: Size for the thread pool queue. See documentation + for exact details. + maximum: 2000 + minimum: 10 + type: integer + thread_pool_search_size: + description: Size for the thread pool. See documentation + for exact details. Do note this may have maximum value + depending on CPU count - value is automatically lowered + if set to higher than maximum value. + maximum: 128 + minimum: 1 + type: integer + thread_pool_search_throttled_queue_size: + description: Size for the thread pool queue. See documentation + for exact details. + maximum: 2000 + minimum: 10 + type: integer + thread_pool_search_throttled_size: + description: Size for the thread pool. See documentation + for exact details. Do note this may have maximum value + depending on CPU count - value is automatically lowered + if set to higher than maximum value. + maximum: 128 + minimum: 1 + type: integer + thread_pool_write_queue_size: + description: Size for the thread pool queue. See documentation + for exact details. + maximum: 2000 + minimum: 10 + type: integer + thread_pool_write_size: + description: Size for the thread pool. See documentation + for exact details. Do note this may have maximum value + depending on CPU count - value is automatically lowered + if set to higher than maximum value. + maximum: 128 + minimum: 1 + type: integer type: object - maxItems: 1024 - type: array - keep_index_refresh_interval: - description: Aiven automation resets index.refresh_interval to - default value for every index to be sure that indices are always - visible to search. If it doesn't fit your case, you can disable - this by setting up this flag to true. - type: boolean - max_index_count: - description: 'DEPRECATED: use index_patterns instead' - minimum: 0 - type: integer - openid: - description: OpenSearch OpenID Connect Configuration - properties: - client_id: - description: The ID of the OpenID Connect client configured - in your IdP. Required. - maxLength: 1024 - minLength: 1 - type: string - client_secret: - description: The client secret of the OpenID Connect client - configured in your IdP. Required. - maxLength: 1024 - minLength: 1 - type: string - connect_url: - description: The URL of your IdP where the Security plugin - can find the OpenID Connect metadata/configuration settings. - maxLength: 2048 - type: string - enabled: - description: Enables or disables OpenID Connect authentication - for OpenSearch. When enabled, users can authenticate using - OpenID Connect with an Identity Provider. - type: boolean - header: - description: HTTP header name of the JWT token. Optional. - Default is Authorization. - maxLength: 1024 - minLength: 1 - type: string - jwt_header: - description: 'The HTTP header that stores the token. Typically - the Authorization header with the Bearer schema: Authorization: - Bearer . Optional. Default is Authorization.' - maxLength: 1024 - minLength: 1 - type: string - jwt_url_parameter: - description: If the token is not transmitted in the HTTP header, - but as an URL parameter, define the name of the parameter - here. Optional. - maxLength: 1024 - minLength: 1 - type: string - refresh_rate_limit_count: - description: The maximum number of unknown key IDs in the - time frame. Default is 10. Optional. - minimum: 10 - type: integer - refresh_rate_limit_time_window_ms: - description: The time frame to use when checking the maximum - number of unknown key IDs, in milliseconds. Optional.Default - is 10000 (10 seconds). - minimum: 10000 - type: integer - roles_key: - description: The key in the JSON payload that stores the user’s - roles. The value of this key must be a comma-separated list - of roles. Required only if you want to use roles in the - JWT - maxLength: 1024 - minLength: 1 - type: string - scope: - description: The scope of the identity token issued by the - IdP. Optional. Default is openid profile email address phone. - maxLength: 1024 - minLength: 1 - type: string - subject_key: - description: The key in the JSON payload that stores the user’s - name. If not defined, the subject registered claim is used. - Most IdP providers use the preferred_username claim. Optional. - maxLength: 1024 - minLength: 1 - type: string - required: - - client_id - - client_secret - - connect_url - type: object - opensearch: - description: OpenSearch settings + opensearch_dashboards: + description: OpenSearch Dashboards settings + properties: + enabled: + description: Enable or disable OpenSearch Dashboards + type: boolean + max_old_space_size: + description: 'Limits the maximum amount of memory (in MiB) + the OpenSearch Dashboards process can use. This sets the + max_old_space_size option of the nodejs running the OpenSearch + Dashboards. Note: the memory reserved by OpenSearch Dashboards + is not available for OpenSearch.' + maximum: 2048 + minimum: 64 + type: integer + opensearch_request_timeout: + description: Timeout in milliseconds for requests made by + OpenSearch Dashboards towards OpenSearch + maximum: 120000 + minimum: 5000 + type: integer + type: object + opensearch_version: + description: OpenSearch major version + enum: ['1', '2'] + type: string + private_access: + description: Allow access to selected service ports from private + networks + properties: + opensearch: + description: Allow clients to connect to opensearch with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + opensearch_dashboards: + description: Allow clients to connect to opensearch_dashboards + with a DNS name that always resolves to the service's + private IP addresses. Only available in certain network + locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + opensearch: + description: Enable opensearch + type: boolean + opensearch_dashboards: + description: Enable opensearch_dashboards + type: boolean + prometheus: + description: Enable prometheus + type: boolean + type: object + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + opensearch: + description: Allow clients to connect to opensearch from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + opensearch_dashboards: + description: Allow clients to connect to opensearch_dashboards + from the public internet for service nodes that are in + a project VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + recovery_basebackup_name: + description: Name of the basebackup to restore in forked service + maxLength: 128 + pattern: ^[a-zA-Z0-9-_:.]+$ + type: string + saml: + description: OpenSearch SAML configuration + properties: + enabled: + description: Enables or disables SAML-based authentication + for OpenSearch. When enabled, users can authenticate using + SAML with an Identity Provider. + type: boolean + idp_entity_id: + description: The unique identifier for the Identity Provider + (IdP) entity that is used for SAML authentication. This + value is typically provided by the IdP. + maxLength: 1024 + minLength: 1 + type: string + idp_metadata_url: + description: The URL of the SAML metadata for the Identity + Provider (IdP). This is used to configure SAML-based authentication + with the IdP. + maxLength: 2048 + minLength: 1 + type: string + idp_pemtrustedcas_content: + description: This parameter specifies the PEM-encoded root + certificate authority (CA) content for the SAML identity + provider (IdP) server verification. The root CA content + is used to verify the SSL/TLS certificate presented by + the server. + maxLength: 16384 + type: string + roles_key: + description: Optional. Specifies the attribute in the SAML + response where role information is stored, if available. + Role attributes are not required for SAML authentication, + but can be included in SAML assertions by most Identity + Providers (IdPs) to determine user access levels or permissions. + maxLength: 256 + minLength: 1 + type: string + sp_entity_id: + description: The unique identifier for the Service Provider + (SP) entity that is used for SAML authentication. This + value is typically provided by the SP. + maxLength: 1024 + minLength: 1 + type: string + subject_key: + description: Optional. Specifies the attribute in the SAML + response where the subject identifier is stored. If not + configured, the NameID attribute is used by default. + maxLength: 256 + minLength: 1 + type: string + required: [enabled, idp_entity_id, idp_metadata_url, sp_entity_id] + type: object + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 64 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + static_ips: + description: Use static public IP addresses + type: boolean + type: object + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" properties: - action_auto_create_index_enabled: - description: Explicitly allow or block automatic creation - of indices. Defaults to true - type: boolean - action_destructive_requires_name: - description: Require explicit index names when deleting - type: boolean - auth_failure_listeners: - description: Opensearch Security Plugin Settings - properties: - internal_authentication_backend_limiting: - properties: - allowed_tries: - description: The number of login attempts allowed - before login is blocked - maximum: 2147483647 - minimum: 0 - type: integer - authentication_backend: - description: internal_authentication_backend_limiting.authentication_backend - enum: - - internal - maxLength: 1024 - type: string - block_expiry_seconds: - description: The duration of time that login remains - blocked after a failed login - maximum: 2147483647 - minimum: 0 - type: integer - max_blocked_clients: - description: internal_authentication_backend_limiting.max_blocked_clients - maximum: 2147483647 - minimum: 0 - type: integer - max_tracked_clients: - description: The maximum number of tracked IP addresses - that have failed login - maximum: 2147483647 - minimum: 0 - type: integer - time_window_seconds: - description: The window of time in which the value - for `allowed_tries` is enforced - maximum: 2147483647 - minimum: 0 - type: integer - type: - description: internal_authentication_backend_limiting.type - enum: - - username - maxLength: 1024 - type: string - type: object - ip_rate_limiting: - description: IP address rate limiting settings - properties: - allowed_tries: - description: The number of login attempts allowed - before login is blocked - maximum: 2147483647 - minimum: 1 - type: integer - block_expiry_seconds: - description: The duration of time that login remains - blocked after a failed login - maximum: 36000 - minimum: 1 - type: integer - max_blocked_clients: - description: The maximum number of blocked IP addresses - maximum: 2147483647 - minimum: 0 - type: integer - max_tracked_clients: - description: The maximum number of tracked IP addresses - that have failed login - maximum: 2147483647 - minimum: 0 - type: integer - time_window_seconds: - description: The window of time in which the value - for `allowed_tries` is enforced - maximum: 36000 - minimum: 1 - type: integer - type: - description: The type of rate limiting - enum: - - ip - maxLength: 1024 - type: string - type: object - type: object - cluster_max_shards_per_node: - description: Controls the number of shards allowed in the - cluster per data node - maximum: 10000 - minimum: 100 - type: integer - cluster_routing_allocation_node_concurrent_recoveries: - description: How many concurrent incoming/outgoing shard recoveries - (normally replicas) are allowed to happen on a node. Defaults - to 2. - maximum: 16 - minimum: 2 - type: integer - email_sender_name: - description: Sender name placeholder to be used in Opensearch - Dashboards and Opensearch keystore - maxLength: 40 - pattern: ^[a-zA-Z0-9-_]+$ + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time type: string - email_sender_password: - description: Sender password for Opensearch alerts to authenticate - with SMTP server - maxLength: 1024 - pattern: ^[^\x00-\x1F]+$ - type: string - email_sender_username: - description: Sender username for Opensearch alerts - maxLength: 320 - pattern: ^[^\x00-\x1F]+$ + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 type: string - enable_security_audit: - description: Enable/Disable security audit - type: boolean - http_max_content_length: - description: Maximum content length for HTTP requests to the - OpenSearch HTTP API, in bytes. - maximum: 2147483647 - minimum: 1 - type: integer - http_max_header_size: - description: The max size of allowed headers, in bytes - maximum: 262144 - minimum: 1024 - type: integer - http_max_initial_line_length: - description: The max length of an HTTP URL, in bytes - maximum: 65536 - minimum: 1024 - type: integer - indices_fielddata_cache_size: - description: Relative amount. Maximum amount of heap memory - used for field data cache. This is an expert setting; decreasing - the value too much will increase overhead of loading field - data; too much memory used for field data cache will decrease - amount of heap available for other operations. - maximum: 100 - minimum: 3 - type: integer - indices_memory_index_buffer_size: - description: Percentage value. Default is 10%. Total amount - of heap used for indexing buffer, before writing segments - to disk. This is an expert setting. Too low value will slow - down indexing; too high value will increase indexing performance - but causes performance issues for query performance. - maximum: 40 - minimum: 3 - type: integer - indices_memory_max_index_buffer_size: - description: Absolute value. Default is unbound. Doesn't work - without indices.memory.index_buffer_size. Maximum amount - of heap used for query cache, an absolute indices.memory.index_buffer_size - maximum hard limit. - maximum: 2048 - minimum: 3 - type: integer - indices_memory_min_index_buffer_size: - description: Absolute value. Default is 48mb. Doesn't work - without indices.memory.index_buffer_size. Minimum amount - of heap used for query cache, an absolute indices.memory.index_buffer_size - minimal hard limit. - maximum: 2048 - minimum: 3 - type: integer - indices_queries_cache_size: - description: Percentage value. Default is 10%. Maximum amount - of heap used for query cache. This is an expert setting. - Too low value will decrease query performance and increase - performance for other operations; too high value will cause - issues with other OpenSearch functionality. - maximum: 40 - minimum: 3 - type: integer - indices_query_bool_max_clause_count: - description: Maximum number of clauses Lucene BooleanQuery - can have. The default value (1024) is relatively high, and - increasing it may cause performance issues. Investigate - other approaches first before increasing this value. - maximum: 4096 - minimum: 64 - type: integer - indices_recovery_max_bytes_per_sec: - description: Limits total inbound and outbound recovery traffic - for each node. Applies to both peer recoveries as well as - snapshot recoveries (i.e., restores from a snapshot). Defaults - to 40mb - maximum: 400 - minimum: 40 - type: integer - indices_recovery_max_concurrent_file_chunks: - description: Number of file chunks sent in parallel for each - recovery. Defaults to 2. - maximum: 5 - minimum: 2 - type: integer - ism_enabled: - description: Specifies whether ISM is enabled or not - type: boolean - ism_history_enabled: - description: Specifies whether audit history is enabled or - not. The logs from ISM are automatically indexed to a logs - document. - type: boolean - ism_history_max_age: - description: The maximum age before rolling over the audit - history index in hours - maximum: 2147483647 - minimum: 1 - type: integer - ism_history_max_docs: - description: The maximum number of documents before rolling - over the audit history index. - minimum: 1 - type: integer - ism_history_rollover_check_period: - description: The time between rollover checks for the audit - history index in hours. - maximum: 2147483647 - minimum: 1 - type: integer - ism_history_rollover_retention_period: - description: How long audit history indices are kept in days. - maximum: 2147483647 - minimum: 1 - type: integer - override_main_response_version: - description: Compatibility mode sets OpenSearch to report - its version as 7.10 so clients continue to work. Default - is false - type: boolean - reindex_remote_whitelist: - description: Whitelisted addresses for reindexing. Changing - this value will cause all OpenSearch instances to restart. - items: - type: string - maxItems: 32 - type: array - script_max_compilations_rate: - description: Script compilation circuit breaker limits the - number of inline script compilations within a period of - time. Default is use-context - maxLength: 1024 - type: string - search_max_buckets: - description: Maximum number of aggregation buckets allowed - in a single response. OpenSearch default value is used when - this is not defined. - maximum: 1000000 - minimum: 1 - type: integer - thread_pool_analyze_queue_size: - description: Size for the thread pool queue. See documentation - for exact details. - maximum: 2000 - minimum: 10 - type: integer - thread_pool_analyze_size: - description: Size for the thread pool. See documentation for - exact details. Do note this may have maximum value depending - on CPU count - value is automatically lowered if set to - higher than maximum value. - maximum: 128 - minimum: 1 - type: integer - thread_pool_force_merge_size: - description: Size for the thread pool. See documentation for - exact details. Do note this may have maximum value depending - on CPU count - value is automatically lowered if set to - higher than maximum value. - maximum: 128 - minimum: 1 - type: integer - thread_pool_get_queue_size: - description: Size for the thread pool queue. See documentation - for exact details. - maximum: 2000 - minimum: 10 - type: integer - thread_pool_get_size: - description: Size for the thread pool. See documentation for - exact details. Do note this may have maximum value depending - on CPU count - value is automatically lowered if set to - higher than maximum value. - maximum: 128 - minimum: 1 - type: integer - thread_pool_search_queue_size: - description: Size for the thread pool queue. See documentation - for exact details. - maximum: 2000 - minimum: 10 - type: integer - thread_pool_search_size: - description: Size for the thread pool. See documentation for - exact details. Do note this may have maximum value depending - on CPU count - value is automatically lowered if set to - higher than maximum value. - maximum: 128 - minimum: 1 - type: integer - thread_pool_search_throttled_queue_size: - description: Size for the thread pool queue. See documentation - for exact details. - maximum: 2000 - minimum: 10 - type: integer - thread_pool_search_throttled_size: - description: Size for the thread pool. See documentation for - exact details. Do note this may have maximum value depending - on CPU count - value is automatically lowered if set to - higher than maximum value. - maximum: 128 - minimum: 1 - type: integer - thread_pool_write_queue_size: - description: Size for the thread pool queue. See documentation - for exact details. - maximum: 2000 - minimum: 10 - type: integer - thread_pool_write_size: - description: Size for the thread pool. See documentation for - exact details. Do note this may have maximum value depending - on CPU count - value is automatically lowered if set to - higher than maximum value. - maximum: 128 - minimum: 1 - type: integer - type: object - opensearch_dashboards: - description: OpenSearch Dashboards settings - properties: - enabled: - description: Enable or disable OpenSearch Dashboards - type: boolean - max_old_space_size: - description: 'Limits the maximum amount of memory (in MiB) - the OpenSearch Dashboards process can use. This sets the - max_old_space_size option of the nodejs running the OpenSearch - Dashboards. Note: the memory reserved by OpenSearch Dashboards - is not available for OpenSearch.' - maximum: 2048 - minimum: 64 - type: integer - opensearch_request_timeout: - description: Timeout in milliseconds for requests made by - OpenSearch Dashboards towards OpenSearch - maximum: 120000 - minimum: 5000 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 type: integer - type: object - opensearch_version: - description: OpenSearch major version - enum: - - "1" - - "2" - type: string - private_access: - description: Allow access to selected service ports from private - networks - properties: - opensearch: - description: Allow clients to connect to opensearch with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - opensearch_dashboards: - description: Allow clients to connect to opensearch_dashboards - with a DNS name that always resolves to the service's private - IP addresses. Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - opensearch: - description: Enable opensearch - type: boolean - opensearch_dashboards: - description: Enable opensearch_dashboards - type: boolean - prometheus: - description: Enable prometheus - type: boolean - type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - opensearch: - description: Allow clients to connect to opensearch from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - opensearch_dashboards: - description: Allow clients to connect to opensearch_dashboards - from the public internet for service nodes that are in a - project VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - type: object - recovery_basebackup_name: - description: Name of the basebackup to restore in forked service - maxLength: 128 - pattern: ^[a-zA-Z0-9-_:.]+$ - type: string - saml: - description: OpenSearch SAML configuration - properties: - enabled: - description: Enables or disables SAML-based authentication - for OpenSearch. When enabled, users can authenticate using - SAML with an Identity Provider. - type: boolean - idp_entity_id: - description: The unique identifier for the Identity Provider - (IdP) entity that is used for SAML authentication. This - value is typically provided by the IdP. + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - idp_metadata_url: - description: The URL of the SAML metadata for the Identity - Provider (IdP). This is used to configure SAML-based authentication - with the IdP. - maxLength: 2048 - minLength: 1 - type: string - idp_pemtrustedcas_content: - description: This parameter specifies the PEM-encoded root - certificate authority (CA) content for the SAML identity - provider (IdP) server verification. The root CA content - is used to verify the SSL/TLS certificate presented by the - server. - maxLength: 16384 - type: string - roles_key: - description: Optional. Specifies the attribute in the SAML - response where role information is stored, if available. - Role attributes are not required for SAML authentication, - but can be included in SAML assertions by most Identity - Providers (IdPs) to determine user access levels or permissions. - maxLength: 256 - minLength: 1 - type: string - sp_entity_id: - description: The unique identifier for the Service Provider - (SP) entity that is used for SAML authentication. This value - is typically provided by the SP. - maxLength: 1024 - minLength: 1 + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] type: string - subject_key: - description: Optional. Specifies the attribute in the SAML - response where the subject identifier is stored. If not - configured, the NameID attribute is used by default. - maxLength: 256 - minLength: 1 + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string - required: - - enabled - - idp_entity_id - - idp_metadata_url - - sp_entity_id + required: [lastTransitionTime, message, reason, status, type] type: object - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 64 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - static_ips: - description: Use static public IP addresses - type: boolean - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_postgresqls.yaml b/config/crd/bases/aiven.io_postgresqls.yaml index d22d4d69..7978a6b5 100644 --- a/config/crd/bases/aiven.io_postgresqls.yaml +++ b/config/crd/bases/aiven.io_postgresqls.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: postgresqls.aiven.io + spec: group: aiven.io names: @@ -15,951 +17,916 @@ spec: singular: postgresql scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Region - type: string - - jsonPath: .spec.plan - name: Plan - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: PostgreSQL is the Schema for the postgresql API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PostgreSQLSpec defines the desired state of postgres instance - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, - `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PostgreSQL is the Schema for the postgresql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PostgreSQLSpec defines the desired state of postgres instance + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - integrationType: - enum: - - read_replica + key: + minLength: 1 type: string - sourceServiceName: - maxLength: 64 + name: minLength: 1 type: string - required: - - integrationType - - sourceServiceName + required: [key, name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + cloudName: + description: Cloud the service runs in. + maxLength: 256 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: PostgreSQL specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, + `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`' + properties: + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - maxItems: 1 - type: array - admin_password: - description: Custom password for admin user. Defaults to random - string. This must be set only when a new service is being created. - maxLength: 256 - minLength: 8 - pattern: ^[a-zA-Z0-9-_]+$ - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - admin_username: - description: Custom username for admin user. This must be set - only when a new service is being created. - maxLength: 64 - pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ - type: string - x-kubernetes-validations: + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. + type: string + required: [name] + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - backup_hour: - description: The hour of day (in UTC) when backup for the service - is started. New backup is only started if previous backup has - already completed. - maximum: 23 - minimum: 0 - type: integer - backup_minute: - description: The minute of an hour when backup for the service - is started. New backup is only started if previous backup has - already completed. - maximum: 59 - minimum: 0 - type: integer - enable_ipv6: - description: Register AAAA DNS records for the service, and allow - IPv6 packets to service ports - type: boolean - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field - properties: - description: - description: Description for IP filter list entry - maxLength: 1024 - type: string - network: - description: CIDR address block - maxLength: 43 - type: string - required: - - network - type: object - maxItems: 1024 - type: array - migration: - description: Migrate data from existing server - properties: - dbname: - description: Database name for bootstrapping the initial connection - maxLength: 63 - type: string - host: - description: Hostname or IP address of the server where to - migrate data from - maxLength: 255 - type: string - ignore_dbs: - description: Comma-separated list of databases, which should - be ignored during migration (supported by MySQL and PostgreSQL - only at the moment) - maxLength: 2048 - type: string - method: - description: The migration method to be used (currently supported - only by Redis, Dragonfly, MySQL and PostgreSQL service types) - enum: - - dump - - replication - type: string - password: - description: Password for authentication with the server where - to migrate data from - maxLength: 256 - type: string - port: - description: Port number of the server where to migrate data - from - maximum: 65535 - minimum: 1 - type: integer - ssl: - description: The server where to migrate data from is secured - with SSL - type: boolean - username: - description: User name for authentication with the server - where to migrate data from - maxLength: 256 - type: string - required: - - host - - port - type: object - pg: - description: postgresql.conf configuration values + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation properties: - autovacuum_analyze_scale_factor: - description: Specifies a fraction of the table size to add - to autovacuum_analyze_threshold when deciding whether to - trigger an ANALYZE. The default is 0.2 (20% of table size) - maximum: 1 - minimum: 0 - type: number - autovacuum_analyze_threshold: - description: Specifies the minimum number of inserted, updated - or deleted tuples needed to trigger an ANALYZE in any one - table. The default is 50 tuples. - maximum: 2147483647 - minimum: 0 - type: integer - autovacuum_freeze_max_age: - description: Specifies the maximum age (in transactions) that - a table's pg_class.relfrozenxid field can attain before - a VACUUM operation is forced to prevent transaction ID wraparound - within the table. Note that the system will launch autovacuum - processes to prevent wraparound even when autovacuum is - otherwise disabled. This parameter will cause the server - to be restarted. - maximum: 1500000000 - minimum: 200000000 - type: integer - autovacuum_max_workers: - description: Specifies the maximum number of autovacuum processes - (other than the autovacuum launcher) that may be running - at any one time. The default is three. This parameter can - only be set at server start. - maximum: 20 - minimum: 1 - type: integer - autovacuum_naptime: - description: Specifies the minimum delay between autovacuum - runs on any given database. The delay is measured in seconds, - and the default is one minute - maximum: 86400 - minimum: 1 - type: integer - autovacuum_vacuum_cost_delay: - description: Specifies the cost delay value that will be used - in automatic VACUUM operations. If -1 is specified, the - regular vacuum_cost_delay value will be used. The default - value is 20 milliseconds - maximum: 100 - minimum: -1 - type: integer - autovacuum_vacuum_cost_limit: - description: Specifies the cost limit value that will be used - in automatic VACUUM operations. If -1 is specified (which - is the default), the regular vacuum_cost_limit value will - be used. - maximum: 10000 - minimum: -1 - type: integer - autovacuum_vacuum_scale_factor: - description: Specifies a fraction of the table size to add - to autovacuum_vacuum_threshold when deciding whether to - trigger a VACUUM. The default is 0.2 (20% of table size) - maximum: 1 - minimum: 0 - type: number - autovacuum_vacuum_threshold: - description: Specifies the minimum number of updated or deleted - tuples needed to trigger a VACUUM in any one table. The - default is 50 tuples - maximum: 2147483647 - minimum: 0 - type: integer - bgwriter_delay: - description: Specifies the delay between activity rounds for - the background writer in milliseconds. Default is 200. - maximum: 10000 - minimum: 10 - type: integer - bgwriter_flush_after: - description: Whenever more than bgwriter_flush_after bytes - have been written by the background writer, attempt to force - the OS to issue these writes to the underlying storage. - Specified in kilobytes, default is 512. Setting of 0 disables - forced writeback. - maximum: 2048 - minimum: 0 - type: integer - bgwriter_lru_maxpages: - description: In each round, no more than this many buffers - will be written by the background writer. Setting this to - zero disables background writing. Default is 100. - maximum: 1073741823 - minimum: 0 - type: integer - bgwriter_lru_multiplier: - description: The average recent need for new buffers is multiplied - by bgwriter_lru_multiplier to arrive at an estimate of the - number that will be needed during the next round, (up to - bgwriter_lru_maxpages). 1.0 represents a “just in time” - policy of writing exactly the number of buffers predicted - to be needed. Larger values provide some cushion against - spikes in demand, while smaller values intentionally leave - writes to be done by server processes. The default is 2.0. - maximum: 10 - minimum: 0 - type: number - deadlock_timeout: - description: This is the amount of time, in milliseconds, - to wait on a lock before checking to see if there is a deadlock - condition. - maximum: 1800000 - minimum: 500 - type: integer - default_toast_compression: - description: Specifies the default TOAST compression method - for values of compressible columns (the default is lz4). - enum: - - lz4 - - pglz - type: string - idle_in_transaction_session_timeout: - description: Time out sessions with open transactions after - this number of milliseconds - maximum: 604800000 - minimum: 0 - type: integer - jit: - description: Controls system-wide use of Just-in-Time Compilation - (JIT). - type: boolean - log_autovacuum_min_duration: - description: Causes each action executed by autovacuum to - be logged if it ran for at least the specified number of - milliseconds. Setting this to zero logs all autovacuum actions. - Minus-one (the default) disables logging autovacuum actions. - maximum: 2147483647 - minimum: -1 - type: integer - log_error_verbosity: - description: Controls the amount of detail written in the - server log for each message that is logged. - enum: - - TERSE - - DEFAULT - - VERBOSE - type: string - log_line_prefix: - description: Choose from one of the available log-formats. - These can support popular log analyzers like pgbadger, pganalyze - etc. - enum: - - '''pid=%p,user=%u,db=%d,app=%a,client=%h ''' - - '''%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h ''' - - '''%m [%p] %q[user=%u,db=%d,app=%a] ''' - type: string - log_min_duration_statement: - description: Log statements that take more than this number - of milliseconds to run, -1 disables - maximum: 86400000 - minimum: -1 - type: integer - log_temp_files: - description: Log statements for each temporary file created - larger than this number of kilobytes, -1 disables - maximum: 2147483647 - minimum: -1 - type: integer - max_files_per_process: - description: PostgreSQL maximum number of files that can be - open per process - maximum: 4096 - minimum: 1000 - type: integer - max_locks_per_transaction: - description: PostgreSQL maximum locks per transaction - maximum: 6400 - minimum: 64 - type: integer - max_logical_replication_workers: - description: PostgreSQL maximum logical replication workers - (taken from the pool of max_parallel_workers) - maximum: 64 - minimum: 4 - type: integer - max_parallel_workers: - description: Sets the maximum number of workers that the system - can support for parallel queries - maximum: 96 - minimum: 0 - type: integer - max_parallel_workers_per_gather: - description: Sets the maximum number of workers that can be - started by a single Gather or Gather Merge node - maximum: 96 - minimum: 0 - type: integer - max_pred_locks_per_transaction: - description: PostgreSQL maximum predicate locks per transaction - maximum: 5120 - minimum: 64 - type: integer - max_prepared_transactions: - description: PostgreSQL maximum prepared transactions - maximum: 10000 - minimum: 0 - type: integer - max_replication_slots: - description: PostgreSQL maximum replication slots - maximum: 64 - minimum: 8 - type: integer - max_slot_wal_keep_size: - description: PostgreSQL maximum WAL size (MB) reserved for - replication slots. Default is -1 (unlimited). wal_keep_size - minimum WAL size setting takes precedence over this. - maximum: 2147483647 - minimum: -1 - type: integer - max_stack_depth: - description: Maximum depth of the stack in bytes - maximum: 6291456 - minimum: 2097152 - type: integer - max_standby_archive_delay: - description: Max standby archive delay in milliseconds - maximum: 43200000 - minimum: 1 - type: integer - max_standby_streaming_delay: - description: Max standby streaming delay in milliseconds - maximum: 43200000 - minimum: 1 - type: integer - max_wal_senders: - description: PostgreSQL maximum WAL senders - maximum: 64 - minimum: 20 - type: integer - max_worker_processes: - description: Sets the maximum number of background processes - that the system can support - maximum: 96 - minimum: 8 - type: integer - pg_partman_bgw.interval: - description: Sets the time interval to run pg_partman's scheduled - tasks - maximum: 604800 - minimum: 3600 - type: integer - pg_partman_bgw.role: - description: Controls which role to use for pg_partman's scheduled - background tasks. - maxLength: 64 - pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ + integrationType: + enum: [read_replica] type: string - pg_stat_monitor.pgsm_enable_query_plan: - description: Enables or disables query plan monitoring - type: boolean - pg_stat_monitor.pgsm_max_buckets: - description: Sets the maximum number of buckets - maximum: 10 - minimum: 1 - type: integer - pg_stat_statements.track: - description: Controls which statements are counted. Specify - top to track top-level statements (those issued directly - by clients), all to also track nested statements (such as - statements invoked within functions), or none to disable - statement statistics collection. The default value is top. - enum: - - all - - top - - none - type: string - temp_file_limit: - description: PostgreSQL temporary file limit in KiB, -1 for - unlimited - maximum: 2147483647 - minimum: -1 - type: integer - timezone: - description: PostgreSQL service timezone + sourceServiceName: maxLength: 64 + minLength: 1 type: string - track_activity_query_size: - description: Specifies the number of bytes reserved to track - the currently executing command for each active session. - maximum: 10240 - minimum: 1024 - type: integer - track_commit_timestamp: - description: Record commit time of transactions. - enum: - - "off" - - "on" - type: string - track_functions: - description: Enables tracking of function call counts and - time used. - enum: - - all - - pl - - none - type: string - track_io_timing: - description: Enables timing of database I/O calls. This parameter - is off by default, because it will repeatedly query the - operating system for the current time, which may cause significant - overhead on some platforms. - enum: - - "off" - - "on" - type: string - wal_sender_timeout: - description: Terminate replication connections that are inactive - for longer than this amount of time, in milliseconds. Setting - this value to zero disables the timeout. - type: integer - wal_writer_delay: - description: WAL flush interval in milliseconds. Note that - setting this value to lower than the default 200ms may negatively - impact performance - maximum: 200 - minimum: 10 - type: integer - type: object - pg_qualstats: - description: Deprecated. System-wide settings for the pg_qualstats - extension - properties: - enabled: - description: Deprecated. Enable / Disable pg_qualstats - type: boolean - min_err_estimate_num: - description: Deprecated. Error estimation num threshold to - save quals - minimum: 0 - type: integer - min_err_estimate_ratio: - description: Deprecated. Error estimation ratio threshold - to save quals - minimum: 0 - type: integer - track_constants: - description: Deprecated. Enable / Disable pg_qualstats constants - tracking - type: boolean - track_pg_catalog: - description: Deprecated. Track quals on system catalogs too. - type: boolean - type: object - pg_read_replica: - description: Should the service which is being forked be a read - replica (deprecated, use read_replica service integration instead). - type: boolean - pg_service_to_fork_from: - description: Name of the PG Service from which to fork (deprecated, - use service_to_fork_from). This has effect only when a new service - is being created. - maxLength: 64 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - pg_stat_monitor_enable: - description: Enable the pg_stat_monitor extension. Enabling this - extension will cause the cluster to be restarted.When this extension - is enabled, pg_stat_statements results for utility commands - are unreliable - type: boolean - pg_version: - description: PostgreSQL major version - enum: - - "11" - - "12" - - "13" - - "14" - - "15" - type: string - pgbouncer: - description: PGBouncer connection pooling settings - properties: - autodb_idle_timeout: - description: If the automatically created database pools have - been unused this many seconds, they are freed. If 0 then - timeout is disabled. [seconds] - maximum: 86400 - minimum: 0 - type: integer - autodb_max_db_connections: - description: Do not allow more than this many server connections - per database (regardless of user). Setting it to 0 means - unlimited. - maximum: 2147483647 - minimum: 0 - type: integer - autodb_pool_mode: - description: PGBouncer pool mode - enum: - - session - - transaction - - statement - type: string - autodb_pool_size: - description: If non-zero then create automatically a pool - of that size per user when a pool doesn't exist. - maximum: 10000 - minimum: 0 - type: integer - ignore_startup_parameters: - description: List of parameters to ignore when given in startup - packet - items: - type: string - maxItems: 32 - type: array - min_pool_size: - description: Add more server connections to pool if below - this number. Improves behavior when usual load comes suddenly - back after period of total inactivity. The value is effectively - capped at the pool size. - maximum: 10000 - minimum: 0 - type: integer - server_idle_timeout: - description: If a server connection has been idle more than - this many seconds it will be dropped. If 0 then timeout - is disabled. [seconds] - maximum: 86400 - minimum: 0 - type: integer - server_lifetime: - description: The pooler will close an unused server connection - that has been connected longer than this. [seconds] - maximum: 86400 - minimum: 60 - type: integer - server_reset_query_always: - description: Run server_reset_query (DISCARD ALL) in all pooling - modes - type: boolean - type: object - pglookout: - description: System-wide settings for pglookout. - properties: - max_failover_replication_time_lag: - description: Number of seconds of master unavailability before - triggering database failover to standby - minimum: 10 - type: integer - type: object - private_access: - description: Allow access to selected service ports from private - networks - properties: - pg: - description: Allow clients to connect to pg with a DNS name - that always resolves to the service's private IP addresses. - Only available in certain network locations - type: boolean - pgbouncer: - description: Allow clients to connect to pgbouncer with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - pg: - description: Enable pg - type: boolean - pgbouncer: - description: Enable pgbouncer - type: boolean - prometheus: - description: Enable prometheus - type: boolean - type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - pg: - description: Allow clients to connect to pg from the public - internet for service nodes that are in a project VPC or - another type of private network - type: boolean - pgbouncer: - description: Allow clients to connect to pgbouncer from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean + required: [integrationType, sourceServiceName] type: object - recovery_target_time: - description: Recovery target time when forking a service. This - has effect only when a new service is being created. - maxLength: 32 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 64 - type: string - x-kubernetes-validations: + maxItems: 1 + type: array + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - shared_buffers_percentage: - description: Percentage of total RAM that the database server - uses for shared memory buffers. Valid range is 20-60 (float), - which corresponds to 20% - 60%. This setting adjusts the shared_buffers - configuration value. - maximum: 60 - minimum: 20 - type: number - static_ips: - description: Use static public IP addresses - type: boolean - synchronous_replication: - description: Synchronous replication type. Note that the service - plan also needs to support synchronous replication. - enum: - - quorum - - "off" + tags: + additionalProperties: type: string - timescaledb: - description: System-wide settings for the timescaledb extension - properties: - max_background_workers: - description: The number of background workers for timescaledb - operations. You should configure this setting to the sum - of your number of databases and the total number of concurrent - background workers you want running at any given point in - time. - maximum: 4096 - minimum: 1 - type: integer - type: object - variant: - description: Variant of the PostgreSQL service, may affect the - features that are exposed by default - enum: - - aiven - - timescale - type: string - work_mem: - description: Sets the maximum amount of memory to be used by a - query operation (such as a sort or hash table) before writing - to temporary disk files, in MB. Default is 1MB + 0.075% of total - RAM (up to 32MB). - maximum: 1024 - minimum: 1 - type: integer - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: PostgreSQL specific user configuration options properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + admin_password: + description: Custom password for admin user. Defaults to random + string. This must be set only when a new service is being + created. + maxLength: 256 + minLength: 8 + pattern: ^[a-zA-Z0-9-_]+$ type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + admin_username: + description: Custom username for admin user. This must be set + only when a new service is being created. + maxLength: 64 + pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + backup_hour: + description: The hour of day (in UTC) when backup for the service + is started. New backup is only started if previous backup + has already completed. + maximum: 23 minimum: 0 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + backup_minute: + description: The minute of an hour when backup for the service + is started. New backup is only started if previous backup + has already completed. + maximum: 59 + minimum: 0 + type: integer + enable_ipv6: + description: Register AAAA DNS records for the service, and + allow IPv6 packets to service ports + type: boolean + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + migration: + description: Migrate data from existing server + properties: + dbname: + description: Database name for bootstrapping the initial + connection + maxLength: 63 + type: string + host: + description: Hostname or IP address of the server where + to migrate data from + maxLength: 255 + type: string + ignore_dbs: + description: Comma-separated list of databases, which should + be ignored during migration (supported by MySQL and PostgreSQL + only at the moment) + maxLength: 2048 + type: string + method: + description: The migration method to be used (currently + supported only by Redis, Dragonfly, MySQL and PostgreSQL + service types) + enum: [dump, replication] + type: string + password: + description: Password for authentication with the server + where to migrate data from + maxLength: 256 + type: string + port: + description: Port number of the server where to migrate + data from + maximum: 65535 + minimum: 1 + type: integer + ssl: + description: The server where to migrate data from is secured + with SSL + type: boolean + username: + description: User name for authentication with the server + where to migrate data from + maxLength: 256 + type: string + required: [host, port] + type: object + pg: + description: postgresql.conf configuration values + properties: + autovacuum_analyze_scale_factor: + description: Specifies a fraction of the table size to add + to autovacuum_analyze_threshold when deciding whether + to trigger an ANALYZE. The default is 0.2 (20% of table + size) + maximum: 1 + minimum: 0 + type: number + autovacuum_analyze_threshold: + description: Specifies the minimum number of inserted, updated + or deleted tuples needed to trigger an ANALYZE in any + one table. The default is 50 tuples. + maximum: 2147483647 + minimum: 0 + type: integer + autovacuum_freeze_max_age: + description: Specifies the maximum age (in transactions) + that a table's pg_class.relfrozenxid field can attain + before a VACUUM operation is forced to prevent transaction + ID wraparound within the table. Note that the system will + launch autovacuum processes to prevent wraparound even + when autovacuum is otherwise disabled. This parameter + will cause the server to be restarted. + maximum: 1500000000 + minimum: 200000000 + type: integer + autovacuum_max_workers: + description: Specifies the maximum number of autovacuum + processes (other than the autovacuum launcher) that may + be running at any one time. The default is three. This + parameter can only be set at server start. + maximum: 20 + minimum: 1 + type: integer + autovacuum_naptime: + description: Specifies the minimum delay between autovacuum + runs on any given database. The delay is measured in seconds, + and the default is one minute + maximum: 86400 + minimum: 1 + type: integer + autovacuum_vacuum_cost_delay: + description: Specifies the cost delay value that will be + used in automatic VACUUM operations. If -1 is specified, + the regular vacuum_cost_delay value will be used. The + default value is 20 milliseconds + maximum: 100 + minimum: -1 + type: integer + autovacuum_vacuum_cost_limit: + description: Specifies the cost limit value that will be + used in automatic VACUUM operations. If -1 is specified + (which is the default), the regular vacuum_cost_limit + value will be used. + maximum: 10000 + minimum: -1 + type: integer + autovacuum_vacuum_scale_factor: + description: Specifies a fraction of the table size to add + to autovacuum_vacuum_threshold when deciding whether to + trigger a VACUUM. The default is 0.2 (20% of table size) + maximum: 1 + minimum: 0 + type: number + autovacuum_vacuum_threshold: + description: Specifies the minimum number of updated or + deleted tuples needed to trigger a VACUUM in any one table. + The default is 50 tuples + maximum: 2147483647 + minimum: 0 + type: integer + bgwriter_delay: + description: Specifies the delay between activity rounds + for the background writer in milliseconds. Default is + 200. + maximum: 10000 + minimum: 10 + type: integer + bgwriter_flush_after: + description: Whenever more than bgwriter_flush_after bytes + have been written by the background writer, attempt to + force the OS to issue these writes to the underlying storage. + Specified in kilobytes, default is 512. Setting of 0 disables + forced writeback. + maximum: 2048 + minimum: 0 + type: integer + bgwriter_lru_maxpages: + description: In each round, no more than this many buffers + will be written by the background writer. Setting this + to zero disables background writing. Default is 100. + maximum: 1073741823 + minimum: 0 + type: integer + bgwriter_lru_multiplier: + description: The average recent need for new buffers is + multiplied by bgwriter_lru_multiplier to arrive at an + estimate of the number that will be needed during the + next round, (up to bgwriter_lru_maxpages). 1.0 represents + a “just in time” policy of writing exactly the number + of buffers predicted to be needed. Larger values provide + some cushion against spikes in demand, while smaller values + intentionally leave writes to be done by server processes. + The default is 2.0. + maximum: 10 + minimum: 0 + type: number + deadlock_timeout: + description: This is the amount of time, in milliseconds, + to wait on a lock before checking to see if there is a + deadlock condition. + maximum: 1800000 + minimum: 500 + type: integer + default_toast_compression: + description: Specifies the default TOAST compression method + for values of compressible columns (the default is lz4). + enum: [lz4, pglz] + type: string + idle_in_transaction_session_timeout: + description: Time out sessions with open transactions after + this number of milliseconds + maximum: 604800000 + minimum: 0 + type: integer + jit: + description: Controls system-wide use of Just-in-Time Compilation + (JIT). + type: boolean + log_autovacuum_min_duration: + description: Causes each action executed by autovacuum to + be logged if it ran for at least the specified number + of milliseconds. Setting this to zero logs all autovacuum + actions. Minus-one (the default) disables logging autovacuum + actions. + maximum: 2147483647 + minimum: -1 + type: integer + log_error_verbosity: + description: Controls the amount of detail written in the + server log for each message that is logged. + enum: [TERSE, DEFAULT, VERBOSE] + type: string + log_line_prefix: + description: Choose from one of the available log-formats. + These can support popular log analyzers like pgbadger, + pganalyze etc. + enum: + - "'pid=%p,user=%u,db=%d,app=%a,client=%h '" + - "'%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '" + - "'%m [%p] %q[user=%u,db=%d,app=%a] '" + type: string + log_min_duration_statement: + description: Log statements that take more than this number + of milliseconds to run, -1 disables + maximum: 86400000 + minimum: -1 + type: integer + log_temp_files: + description: Log statements for each temporary file created + larger than this number of kilobytes, -1 disables + maximum: 2147483647 + minimum: -1 + type: integer + max_files_per_process: + description: PostgreSQL maximum number of files that can + be open per process + maximum: 4096 + minimum: 1000 + type: integer + max_locks_per_transaction: + description: PostgreSQL maximum locks per transaction + maximum: 6400 + minimum: 64 + type: integer + max_logical_replication_workers: + description: PostgreSQL maximum logical replication workers + (taken from the pool of max_parallel_workers) + maximum: 64 + minimum: 4 + type: integer + max_parallel_workers: + description: Sets the maximum number of workers that the + system can support for parallel queries + maximum: 96 + minimum: 0 + type: integer + max_parallel_workers_per_gather: + description: Sets the maximum number of workers that can + be started by a single Gather or Gather Merge node + maximum: 96 + minimum: 0 + type: integer + max_pred_locks_per_transaction: + description: PostgreSQL maximum predicate locks per transaction + maximum: 5120 + minimum: 64 + type: integer + max_prepared_transactions: + description: PostgreSQL maximum prepared transactions + maximum: 10000 + minimum: 0 + type: integer + max_replication_slots: + description: PostgreSQL maximum replication slots + maximum: 64 + minimum: 8 + type: integer + max_slot_wal_keep_size: + description: PostgreSQL maximum WAL size (MB) reserved for + replication slots. Default is -1 (unlimited). wal_keep_size + minimum WAL size setting takes precedence over this. + maximum: 2147483647 + minimum: -1 + type: integer + max_stack_depth: + description: Maximum depth of the stack in bytes + maximum: 6291456 + minimum: 2097152 + type: integer + max_standby_archive_delay: + description: Max standby archive delay in milliseconds + maximum: 43200000 + minimum: 1 + type: integer + max_standby_streaming_delay: + description: Max standby streaming delay in milliseconds + maximum: 43200000 + minimum: 1 + type: integer + max_wal_senders: + description: PostgreSQL maximum WAL senders + maximum: 64 + minimum: 20 + type: integer + max_worker_processes: + description: Sets the maximum number of background processes + that the system can support + maximum: 96 + minimum: 8 + type: integer + pg_partman_bgw.interval: + description: Sets the time interval to run pg_partman's + scheduled tasks + maximum: 604800 + minimum: 3600 + type: integer + pg_partman_bgw.role: + description: Controls which role to use for pg_partman's + scheduled background tasks. + maxLength: 64 + pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ + type: string + pg_stat_monitor.pgsm_enable_query_plan: + description: Enables or disables query plan monitoring + type: boolean + pg_stat_monitor.pgsm_max_buckets: + description: Sets the maximum number of buckets + maximum: 10 + minimum: 1 + type: integer + pg_stat_statements.track: + description: Controls which statements are counted. Specify + top to track top-level statements (those issued directly + by clients), all to also track nested statements (such + as statements invoked within functions), or none to disable + statement statistics collection. The default value is + top. + enum: [all, top, none] + type: string + temp_file_limit: + description: PostgreSQL temporary file limit in KiB, -1 + for unlimited + maximum: 2147483647 + minimum: -1 + type: integer + timezone: + description: PostgreSQL service timezone + maxLength: 64 + type: string + track_activity_query_size: + description: Specifies the number of bytes reserved to track + the currently executing command for each active session. + maximum: 10240 + minimum: 1024 + type: integer + track_commit_timestamp: + description: Record commit time of transactions. + enum: [off, on] + type: string + track_functions: + description: Enables tracking of function call counts and + time used. + enum: [all, pl, none] + type: string + track_io_timing: + description: Enables timing of database I/O calls. This + parameter is off by default, because it will repeatedly + query the operating system for the current time, which + may cause significant overhead on some platforms. + enum: [off, on] + type: string + wal_sender_timeout: + description: Terminate replication connections that are + inactive for longer than this amount of time, in milliseconds. + Setting this value to zero disables the timeout. + type: integer + wal_writer_delay: + description: WAL flush interval in milliseconds. Note that + setting this value to lower than the default 200ms may + negatively impact performance + maximum: 200 + minimum: 10 + type: integer + type: object + pg_qualstats: + description: Deprecated. System-wide settings for the pg_qualstats + extension + properties: + enabled: + description: Deprecated. Enable / Disable pg_qualstats + type: boolean + min_err_estimate_num: + description: Deprecated. Error estimation num threshold + to save quals + minimum: 0 + type: integer + min_err_estimate_ratio: + description: Deprecated. Error estimation ratio threshold + to save quals + minimum: 0 + type: integer + track_constants: + description: Deprecated. Enable / Disable pg_qualstats constants + tracking + type: boolean + track_pg_catalog: + description: Deprecated. Track quals on system catalogs + too. + type: boolean + type: object + pg_read_replica: + description: Should the service which is being forked be a read + replica (deprecated, use read_replica service integration + instead). + type: boolean + pg_service_to_fork_from: + description: Name of the PG Service from which to fork (deprecated, + use service_to_fork_from). This has effect only when a new + service is being created. + maxLength: 64 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + pg_stat_monitor_enable: + description: Enable the pg_stat_monitor extension. Enabling + this extension will cause the cluster to be restarted.When + this extension is enabled, pg_stat_statements results for + utility commands are unreliable + type: boolean + pg_version: + description: PostgreSQL major version + enum: ['11', '12', '13', '14', '15'] + type: string + pgbouncer: + description: PGBouncer connection pooling settings + properties: + autodb_idle_timeout: + description: If the automatically created database pools + have been unused this many seconds, they are freed. If + 0 then timeout is disabled. [seconds] + maximum: 86400 + minimum: 0 + type: integer + autodb_max_db_connections: + description: Do not allow more than this many server connections + per database (regardless of user). Setting it to 0 means + unlimited. + maximum: 2147483647 + minimum: 0 + type: integer + autodb_pool_mode: + description: PGBouncer pool mode + enum: [session, transaction, statement] + type: string + autodb_pool_size: + description: If non-zero then create automatically a pool + of that size per user when a pool doesn't exist. + maximum: 10000 + minimum: 0 + type: integer + ignore_startup_parameters: + description: List of parameters to ignore when given in + startup packet + items: + type: string + maxItems: 32 + type: array + min_pool_size: + description: Add more server connections to pool if below + this number. Improves behavior when usual load comes suddenly + back after period of total inactivity. The value is effectively + capped at the pool size. + maximum: 10000 + minimum: 0 + type: integer + server_idle_timeout: + description: If a server connection has been idle more than + this many seconds it will be dropped. If 0 then timeout + is disabled. [seconds] + maximum: 86400 + minimum: 0 + type: integer + server_lifetime: + description: The pooler will close an unused server connection + that has been connected longer than this. [seconds] + maximum: 86400 + minimum: 60 + type: integer + server_reset_query_always: + description: Run server_reset_query (DISCARD ALL) in all + pooling modes + type: boolean + type: object + pglookout: + description: System-wide settings for pglookout. + properties: + max_failover_replication_time_lag: + description: Number of seconds of master unavailability + before triggering database failover to standby + minimum: 10 + type: integer + type: object + private_access: + description: Allow access to selected service ports from private + networks + properties: + pg: + description: Allow clients to connect to pg with a DNS name + that always resolves to the service's private IP addresses. + Only available in certain network locations + type: boolean + pgbouncer: + description: Allow clients to connect to pgbouncer with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + pg: + description: Enable pg + type: boolean + pgbouncer: + description: Enable pgbouncer + type: boolean + prometheus: + description: Enable prometheus + type: boolean + type: object + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + pg: + description: Allow clients to connect to pg from the public + internet for service nodes that are in a project VPC or + another type of private network + type: boolean + pgbouncer: + description: Allow clients to connect to pgbouncer from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + recovery_target_time: + description: Recovery target time when forking a service. This + has effect only when a new service is being created. + maxLength: 32 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 64 type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + shared_buffers_percentage: + description: Percentage of total RAM that the database server + uses for shared memory buffers. Valid range is 20-60 (float), + which corresponds to 20% - 60%. This setting adjusts the shared_buffers + configuration value. + maximum: 60 + minimum: 20 + type: number + static_ips: + description: Use static public IP addresses + type: boolean + synchronous_replication: + description: Synchronous replication type. Note that the service + plan also needs to support synchronous replication. + enum: [quorum, off] type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + timescaledb: + description: System-wide settings for the timescaledb extension + properties: + max_background_workers: + description: The number of background workers for timescaledb + operations. You should configure this setting to the sum + of your number of databases and the total number of concurrent + background workers you want running at any given point + in time. + maximum: 4096 + minimum: 1 + type: integer + type: object + variant: + description: Variant of the PostgreSQL service, may affect the + features that are exposed by default + enum: [aiven, timescale] type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + work_mem: + description: Sets the maximum amount of memory to be used by + a query operation (such as a sort or hash table) before writing + to temporary disk files, in MB. Default is 1MB + 0.075% of + total RAM (up to 32MB). + maximum: 1024 + minimum: 1 + type: integer type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_projects.yaml b/config/crd/bases/aiven.io_projects.yaml index 0bf1f9fc..565ad6c9 100644 --- a/config/crd/bases/aiven.io_projects.yaml +++ b/config/crd/bases/aiven.io_projects.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: projects.aiven.io + spec: group: aiven.io names: @@ -15,229 +17,212 @@ spec: singular: project scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Project is the Schema for the projects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProjectSpec defines the desired state of Project - properties: - accountId: - description: Account ID - maxLength: 32 - type: string - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - billingAddress: - description: Billing name and address of the project - maxLength: 1000 - type: string - billingCurrency: - description: Billing currency - enum: - - AUD - - CAD - - CHF - - DKK - - EUR - - GBP - - NOK - - SEK - - USD - type: string - billingEmails: - description: Billing contact emails of the project - items: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Project is the Schema for the projects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProjectSpec defines the desired state of Project + properties: + accountId: + description: Account ID + maxLength: 32 type: string - maxItems: 10 - type: array - billingExtraText: - description: Extra text to be included in all project invoices, e.g. - purchase order or cost center number - maxLength: 1000 - type: string - billingGroupId: - description: BillingGroup ID - maxLength: 36 - minLength: 36 - type: string - cardId: - description: Credit card ID; The ID may be either last 4 digits of - the card or the actual ID - maxLength: 64 - type: string - cloud: - description: 'Target cloud, example: aws-eu-central-1' - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `PROJECT_CA_CERT`' - properties: - annotations: - additionalProperties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: + name: + minLength: 1 type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. + required: [key, name] + type: object + billingAddress: + description: Billing name and address of the project + maxLength: 1000 + type: string + billingCurrency: + description: Billing currency + enum: [AUD, CAD, CHF, DKK, EUR, GBP, NOK, SEK, USD] + type: string + billingEmails: + description: Billing contact emails of the project + items: type: string - required: - - name - type: object - copyFromProject: - description: Project name from which to copy settings to the new project - maxLength: 63 - type: string - countryCode: - description: Billing country code of the project - maxLength: 2 - minLength: 2 - type: string - tags: - additionalProperties: + maxItems: 10 + type: array + billingExtraText: + description: Extra text to be included in all project invoices, + e.g. purchase order or cost center number + maxLength: 1000 type: string - description: Tags are key-value pairs that allow you to categorize - projects - type: object - technicalEmails: - description: Technical contact emails of the project - items: + billingGroupId: + description: BillingGroup ID + maxLength: 36 + minLength: 36 type: string - maxItems: 10 - type: array - type: object - status: - description: ProjectStatus defines the observed state of Project - properties: - availableCredits: - description: Available credirs - type: string - conditions: - description: Conditions represent the latest available observations - of an Project state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + cardId: + description: Credit card ID; The ID may be either last 4 digits + of the card or the actual ID + maxLength: 64 + type: string + cloud: + description: 'Target cloud, example: aws-eu-central-1' + maxLength: 256 + type: string + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `PROJECT_CA_CERT`' properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [name] + type: object + copyFromProject: + description: Project name from which to copy settings to the new + project + maxLength: 63 + type: string + countryCode: + description: Billing country code of the project + maxLength: 2 + minLength: 2 + type: string + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + projects type: object - type: array - country: - description: Country name - type: string - estimatedBalance: - description: Estimated balance - type: string - paymentMethod: - description: Payment method name - type: string - vatId: - description: EU VAT Identification Number - maxLength: 64 - type: string - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} + technicalEmails: + description: Technical contact emails of the project + items: + type: string + maxItems: 10 + type: array + type: object + status: + description: ProjectStatus defines the observed state of Project + properties: + availableCredits: + description: Available credirs + type: string + conditions: + description: Conditions represent the latest available observations + of an Project state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + country: + description: Country name + type: string + estimatedBalance: + description: Estimated balance + type: string + paymentMethod: + description: Payment method name + type: string + vatId: + description: EU VAT Identification Number + maxLength: 64 + type: string + required: [conditions] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_projectvpcs.yaml b/config/crd/bases/aiven.io_projectvpcs.yaml index 720040e8..8ab8aa1c 100644 --- a/config/crd/bases/aiven.io_projectvpcs.yaml +++ b/config/crd/bases/aiven.io_projectvpcs.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: projectvpcs.aiven.io + spec: group: aiven.io names: @@ -15,165 +17,152 @@ spec: singular: projectvpc scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.cloudName - name: Cloud - type: string - - jsonPath: .spec.networkCidr - name: Network CIDR - type: string - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ProjectVPC is the Schema for the projectvpcs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProjectVPCSpec defines the desired state of ProjectVPC - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the VPC is in - maxLength: 256 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - networkCidr: - description: Network address range used by the VPC like 192.168.0.0/24 - maxLength: 36 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - project: - description: The project the VPC belongs to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - required: - - cloudName - - networkCidr - - project - type: object - status: - description: ProjectVPCStatus defines the observed state of ProjectVPC - properties: - conditions: - description: Conditions represent the latest available observations - of an ProjectVPC state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Cloud + type: string + - jsonPath: .spec.networkCidr + name: Network CIDR + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ProjectVPC is the Schema for the projectvpcs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProjectVPCSpec defines the desired state of ProjectVPC + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + key: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + name: + minLength: 1 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [key, name] type: object - type: array - id: - description: Project VPC id - type: string - state: - description: State of VPC - type: string - required: - - conditions - - id - - state - type: object - type: object - served: true - storage: true - subresources: - status: {} + cloudName: + description: Cloud the VPC is in + maxLength: 256 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + networkCidr: + description: Network address range used by the VPC like 192.168.0.0/24 + maxLength: 36 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + project: + description: The project the VPC belongs to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + required: [cloudName, networkCidr, project] + type: object + status: + description: ProjectVPCStatus defines the observed state of ProjectVPC + properties: + conditions: + description: Conditions represent the latest available observations + of an ProjectVPC state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + id: + description: Project VPC id + type: string + state: + description: State of VPC + type: string + required: [conditions, id, state] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_redis.yaml b/config/crd/bases/aiven.io_redis.yaml index 2b665d1c..0d801967 100644 --- a/config/crd/bases/aiven.io_redis.yaml +++ b/config/crd/bases/aiven.io_redis.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: redis.aiven.io + spec: group: aiven.io names: @@ -15,464 +17,445 @@ spec: singular: redis scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Redis is the Schema for the redis API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RedisSpec defines the desired state of Redis - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - cloudName: - description: Cloud the service runs in. - maxLength: 256 - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`' - properties: - annotations: - additionalProperties: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Redis is the Schema for the redis API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RedisSpec defines the desired state of Redis + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: + name: + minLength: 1 type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - disk_space: - description: The disk space of the service, possible values depend - on the service type, the cloud provider and the project. Reducing - will result in the service re-balancing. - format: ^[1-9][0-9]*(GiB|G)* - type: string - maintenanceWindowDow: - description: Day of week when maintenance operations should be performed. - One monday, tuesday, wednesday, etc. - enum: - - monday - - tuesday - - wednesday - - thursday - - friday - - saturday - - sunday - type: string - maintenanceWindowTime: - description: Time of day when maintenance operations should be performed. - UTC time in HH:mm:ss format. - maxLength: 8 - type: string - plan: - description: Subscription plan. - maxLength: 128 - type: string - project: - description: Target project. - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - projectVPCRef: - description: ProjectVPCRef reference to ProjectVPC resource to use - its ID as ProjectVPCID automatically - properties: - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - required: - - name - type: object - projectVpcId: - description: Identifier of the VPC the service should be in, if any. - maxLength: 36 - type: string - serviceIntegrations: - description: Service integrations to specify when creating a service. - Not applied after initial service creation - items: - description: Service integrations to specify when creating a service. - Not applied after initial service creation + required: [key, name] + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 + type: string + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`' properties: - integrationType: - enum: - - read_replica + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - sourceServiceName: - maxLength: 64 - minLength: 1 + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. type: string - required: - - integrationType - - sourceServiceName + required: [name] type: object - maxItems: 1 - type: array - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - tags: - additionalProperties: + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 type: string - description: Tags are key-value pairs that allow you to categorize - services. - type: object - terminationProtection: - description: Prevent service from being deleted. It is recommended - to have this enabled for all services. - type: boolean - userConfig: - description: Redis specific user configuration options - properties: - additional_backup_regions: - description: Additional Cloud Regions for Backup Replication - items: + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 type: string - maxItems: 1 - type: array - ip_filter: - description: Allow incoming connections from CIDR address block, - e.g. '10.20.0.0/16' - items: - description: CIDR address block, either as a string, or in a - dict with an optional description field - properties: - description: - description: Description for IP filter list entry - maxLength: 1024 - type: string - network: - description: CIDR address block - maxLength: 43 - type: string - required: - - network - type: object - maxItems: 1024 - type: array - migration: - description: Migrate data from existing server + namespace: + minLength: 1 + type: string + required: [name] + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if + any. + maxLength: 36 + type: string + serviceIntegrations: + description: Service integrations to specify when creating a service. + Not applied after initial service creation + items: + description: Service integrations to specify when creating a service. + Not applied after initial service creation properties: - dbname: - description: Database name for bootstrapping the initial connection - maxLength: 63 - type: string - host: - description: Hostname or IP address of the server where to - migrate data from - maxLength: 255 - type: string - ignore_dbs: - description: Comma-separated list of databases, which should - be ignored during migration (supported by MySQL and PostgreSQL - only at the moment) - maxLength: 2048 + integrationType: + enum: [read_replica] type: string - method: - description: The migration method to be used (currently supported - only by Redis, Dragonfly, MySQL and PostgreSQL service types) - enum: - - dump - - replication + sourceServiceName: + maxLength: 64 + minLength: 1 type: string - password: - description: Password for authentication with the server where - to migrate data from - maxLength: 256 - type: string - port: - description: Port number of the server where to migrate data - from - maximum: 65535 - minimum: 1 - type: integer - ssl: - description: The server where to migrate data from is secured - with SSL - type: boolean - username: - description: User name for authentication with the server - where to migrate data from - maxLength: 256 - type: string - required: - - host - - port - type: object - private_access: - description: Allow access to selected service ports from private - networks - properties: - prometheus: - description: Allow clients to connect to prometheus with a - DNS name that always resolves to the service's private IP - addresses. Only available in certain network locations - type: boolean - redis: - description: Allow clients to connect to redis with a DNS - name that always resolves to the service's private IP addresses. - Only available in certain network locations - type: boolean - type: object - privatelink_access: - description: Allow access to selected service components through - Privatelink - properties: - prometheus: - description: Enable prometheus - type: boolean - redis: - description: Enable redis - type: boolean + required: [integrationType, sourceServiceName] type: object - project_to_fork_from: - description: Name of another project to fork a service from. This - has effect only when a new service is being created. - maxLength: 63 - type: string - x-kubernetes-validations: + maxItems: 1 + type: array + x-kubernetes-validations: - message: Value is immutable rule: self == oldSelf - public_access: - description: Allow access to selected service ports from the public - Internet - properties: - prometheus: - description: Allow clients to connect to prometheus from the - public internet for service nodes that are in a project - VPC or another type of private network - type: boolean - redis: - description: Allow clients to connect to redis from the public - internet for service nodes that are in a project VPC or - another type of private network - type: boolean - type: object - recovery_basebackup_name: - description: Name of the basebackup to restore in forked service - maxLength: 128 - pattern: ^[a-zA-Z0-9-_:.]+$ - type: string - redis_acl_channels_default: - description: Determines default pub/sub channels' ACL for new - users if ACL is not supplied. When this option is not defined, - all_channels is assumed to keep backward compatibility. This - option doesn't affect Redis configuration acl-pubsub-default. - enum: - - allchannels - - resetchannels - type: string - redis_io_threads: - description: Set Redis IO thread count. Changing this will cause - a restart of the Redis service. - maximum: 32 - minimum: 1 - type: integer - redis_lfu_decay_time: - description: LFU maxmemory-policy counter decay time in minutes - maximum: 120 - minimum: 1 - type: integer - redis_lfu_log_factor: - description: Counter logarithm factor for volatile-lfu and allkeys-lfu - maxmemory-policies - maximum: 100 - minimum: 0 - type: integer - redis_maxmemory_policy: - description: Redis maxmemory-policy - enum: - - noeviction - - allkeys-lru - - volatile-lru - - allkeys-random - - volatile-random - - volatile-ttl - - volatile-lfu - - allkeys-lfu + tags: + additionalProperties: type: string - redis_notify_keyspace_events: - description: Set notify-keyspace-events option - maxLength: 32 - pattern: ^[KEg\$lshzxeA]*$ - type: string - redis_number_of_databases: - description: Set number of Redis databases. Changing this will - cause a restart of the Redis service. - maximum: 128 - minimum: 1 - type: integer - redis_persistence: - description: When persistence is 'rdb', Redis does RDB dumps each - 10 minutes if any key is changed. Also RDB dumps are done according - to backup schedule for backup purposes. When persistence is - 'off', no RDB dumps and backups are done, so data can be lost - at any moment if service is restarted for any reason, or if - service is powered off. Also service can't be forked. - enum: - - "off" - - rdb - type: string - redis_pubsub_client_output_buffer_limit: - description: Set output buffer limit for pub / sub clients in - MB. The value is the hard limit, the soft limit is 1/4 of the - hard limit. When setting the limit, be mindful of the available - memory in the selected service plan. - maximum: 512 - minimum: 32 - type: integer - redis_ssl: - description: Require SSL to access Redis - type: boolean - redis_timeout: - description: Redis idle connection timeout in seconds - maximum: 31536000 - minimum: 0 - type: integer - service_log: - description: Store logs for the service so that they are available - in the HTTP API and console. - type: boolean - service_to_fork_from: - description: Name of another service to fork from. This has effect - only when a new service is being created. - maxLength: 64 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - static_ips: - description: Use static public IP addresses - type: boolean - type: object - required: - - plan - - project - type: object - status: - description: ServiceStatus defines the observed state of service - properties: - conditions: - description: Conditions represent the latest available observations - of a service state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: Redis specific user configuration options properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time + additional_backup_regions: + description: Additional Cloud Regions for Backup Replication + items: + type: string + maxItems: 1 + type: array + ip_filter: + description: Allow incoming connections from CIDR address block, + e.g. '10.20.0.0/16' + items: + description: CIDR address block, either as a string, or in + a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: CIDR address block + maxLength: 43 + type: string + required: [network] + type: object + maxItems: 1024 + type: array + migration: + description: Migrate data from existing server + properties: + dbname: + description: Database name for bootstrapping the initial + connection + maxLength: 63 + type: string + host: + description: Hostname or IP address of the server where + to migrate data from + maxLength: 255 + type: string + ignore_dbs: + description: Comma-separated list of databases, which should + be ignored during migration (supported by MySQL and PostgreSQL + only at the moment) + maxLength: 2048 + type: string + method: + description: The migration method to be used (currently + supported only by Redis, Dragonfly, MySQL and PostgreSQL + service types) + enum: [dump, replication] + type: string + password: + description: Password for authentication with the server + where to migrate data from + maxLength: 256 + type: string + port: + description: Port number of the server where to migrate + data from + maximum: 65535 + minimum: 1 + type: integer + ssl: + description: The server where to migrate data from is secured + with SSL + type: boolean + username: + description: User name for authentication with the server + where to migrate data from + maxLength: 256 + type: string + required: [host, port] + type: object + private_access: + description: Allow access to selected service ports from private + networks + properties: + prometheus: + description: Allow clients to connect to prometheus with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + redis: + description: Allow clients to connect to redis with a DNS + name that always resolves to the service's private IP + addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: Allow access to selected service components through + Privatelink + properties: + prometheus: + description: Enable prometheus + type: boolean + redis: + description: Enable redis + type: boolean + type: object + project_to_fork_from: + description: Name of another project to fork a service from. + This has effect only when a new service is being created. + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + public_access: + description: Allow access to selected service ports from the + public Internet + properties: + prometheus: + description: Allow clients to connect to prometheus from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + redis: + description: Allow clients to connect to redis from the + public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + recovery_basebackup_name: + description: Name of the basebackup to restore in forked service + maxLength: 128 + pattern: ^[a-zA-Z0-9-_:.]+$ type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + redis_acl_channels_default: + description: Determines default pub/sub channels' ACL for new + users if ACL is not supplied. When this option is not defined, + all_channels is assumed to keep backward compatibility. This + option doesn't affect Redis configuration acl-pubsub-default. + enum: [allchannels, resetchannels] type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 + redis_io_threads: + description: Set Redis IO thread count. Changing this will cause + a restart of the Redis service. + maximum: 32 + minimum: 1 + type: integer + redis_lfu_decay_time: + description: LFU maxmemory-policy counter decay time in minutes + maximum: 120 + minimum: 1 + type: integer + redis_lfu_log_factor: + description: Counter logarithm factor for volatile-lfu and allkeys-lfu + maxmemory-policies + maximum: 100 minimum: 0 type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. + redis_maxmemory_policy: + description: Redis maxmemory-policy enum: - - "True" - - "False" - - Unknown + - noeviction + - allkeys-lru + - volatile-lru + - allkeys-random + - volatile-random + - volatile-ttl + - volatile-lfu + - allkeys-lfu + type: string + redis_notify_keyspace_events: + description: Set notify-keyspace-events option + maxLength: 32 + pattern: ^[KEg\$lshzxeA]*$ type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + redis_number_of_databases: + description: Set number of Redis databases. Changing this will + cause a restart of the Redis service. + maximum: 128 + minimum: 1 + type: integer + redis_persistence: + description: When persistence is 'rdb', Redis does RDB dumps + each 10 minutes if any key is changed. Also RDB dumps are + done according to backup schedule for backup purposes. When + persistence is 'off', no RDB dumps and backups are done, so + data can be lost at any moment if service is restarted for + any reason, or if service is powered off. Also service can't + be forked. + enum: [off, rdb] + type: string + redis_pubsub_client_output_buffer_limit: + description: Set output buffer limit for pub / sub clients in + MB. The value is the hard limit, the soft limit is 1/4 of + the hard limit. When setting the limit, be mindful of the + available memory in the selected service plan. + maximum: 512 + minimum: 32 + type: integer + redis_ssl: + description: Require SSL to access Redis + type: boolean + redis_timeout: + description: Redis idle connection timeout in seconds + maximum: 31536000 + minimum: 0 + type: integer + service_log: + description: Store logs for the service so that they are available + in the HTTP API and console. + type: boolean + service_to_fork_from: + description: Name of another service to fork from. This has + effect only when a new service is being created. + maxLength: 64 type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + static_ips: + description: Use static public IP addresses + type: boolean type: object - type: array - state: - description: Service state - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + required: [plan, project] + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + state: + description: Service state + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_serviceintegrations.yaml b/config/crd/bases/aiven.io_serviceintegrations.yaml index 7ba61edd..6ffca4f3 100644 --- a/config/crd/bases/aiven.io_serviceintegrations.yaml +++ b/config/crd/bases/aiven.io_serviceintegrations.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: serviceintegrations.aiven.io + spec: group: aiven.io names: @@ -15,748 +17,711 @@ spec: singular: serviceintegration scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.integrationType - name: Type - type: string - - jsonPath: .spec.sourceServiceName - name: Source Service Name - type: string - - jsonPath: .spec.destinationServiceName - name: Destination Service Name - type: string - - jsonPath: .spec.sourceEndpointId - name: Source Endpoint ID - type: string - - jsonPath: .spec.destinationEndpointId - name: Destination Endpoint ID - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ServiceIntegration is the Schema for the serviceintegrations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceIntegrationSpec defines the desired state of ServiceIntegration - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - clickhouseKafka: - description: Clickhouse Kafka configuration values - properties: - tables: - description: Tables to create - items: - description: Table to create + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.integrationType + name: Type + type: string + - jsonPath: .spec.sourceServiceName + name: Source Service Name + type: string + - jsonPath: .spec.destinationServiceName + name: Destination Service Name + type: string + - jsonPath: .spec.sourceEndpointId + name: Source Endpoint ID + type: string + - jsonPath: .spec.destinationEndpointId + name: Destination Endpoint ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ServiceIntegration is the Schema for the serviceintegrations + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServiceIntegrationSpec defines the desired state of ServiceIntegration + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + required: [key, name] + type: object + clickhouseKafka: + description: Clickhouse Kafka configuration values + properties: + tables: + description: Tables to create + items: + description: Table to create + properties: + auto_offset_reset: + description: Action to take when there is no initial offset + in offset store or the desired offset is out of range + enum: [smallest, earliest, beginning, largest, latest, + end] + type: string + columns: + description: Table columns + items: + description: Table column + properties: + name: + description: Column name + maxLength: 40 + minLength: 1 + type: string + type: + description: Column type + maxLength: 1000 + minLength: 1 + type: string + required: [name, type] + type: object + maxItems: 100 + type: array + data_format: + description: Message data format + enum: + - Avro + - CSV + - JSONAsString + - JSONCompactEachRow + - JSONCompactStringsEachRow + - JSONEachRow + - JSONStringsEachRow + - MsgPack + - TSKV + - TSV + - TabSeparated + - RawBLOB + - AvroConfluent + type: string + date_time_input_format: + description: Method to read DateTime from text input formats + enum: [basic, best_effort, best_effort_us] + type: string + group_name: + description: Kafka consumers group + maxLength: 249 + minLength: 1 + type: string + handle_error_mode: + description: How to handle errors for Kafka engine + enum: [default, stream] + type: string + max_block_size: + description: Number of row collected by poll(s) for flushing + data from Kafka + maximum: 1000000000 + minimum: 0 + type: integer + max_rows_per_message: + description: The maximum number of rows produced in one + kafka message for row-based formats + maximum: 1000000000 + minimum: 1 + type: integer + name: + description: Name of the table + maxLength: 40 + minLength: 1 + type: string + num_consumers: + description: The number of consumers per table per replica + maximum: 10 + minimum: 1 + type: integer + poll_max_batch_size: + description: Maximum amount of messages to be polled in + a single Kafka poll + maximum: 1000000000 + minimum: 0 + type: integer + skip_broken_messages: + description: Skip at least this number of broken messages + from Kafka topic per block + maximum: 1000000000 + minimum: 0 + type: integer + topics: + description: Kafka topics + items: + description: Kafka topic + properties: + name: + description: Name of the topic + maxLength: 249 + minLength: 1 + type: string + required: [name] + type: object + maxItems: 100 + type: array + required: [columns, data_format, group_name, name, topics] + type: object + maxItems: 100 + type: array + type: object + clickhousePostgresql: + description: Clickhouse PostgreSQL configuration values + properties: + databases: + description: Databases to expose + items: + description: Database to expose + properties: + database: + description: PostgreSQL database to expose + maxLength: 63 + minLength: 1 + type: string + schema: + description: PostgreSQL schema to expose + maxLength: 63 + minLength: 1 + type: string + type: object + maxItems: 10 + type: array + type: object + datadog: + description: Datadog specific user configuration options + properties: + datadog_dbm_enabled: + description: Enable Datadog Database Monitoring + type: boolean + datadog_tags: + description: Custom tags provided by user + items: + description: Datadog tag defined by user + properties: + comment: + description: Optional tag explanation + maxLength: 1024 + type: string + tag: + description: "Tag format and usage are described here:\ + \ https://docs.datadoghq.com/getting_started/tagging.\ + \ Tags with prefix 'aiven-' are reserved for Aiven." + maxLength: 200 + minLength: 1 + type: string + required: [tag] + type: object + maxItems: 32 + type: array + exclude_consumer_groups: + description: List of custom metrics + items: + type: string + maxItems: 1024 + type: array + exclude_topics: + description: List of topics to exclude + items: + type: string + maxItems: 1024 + type: array + include_consumer_groups: + description: List of custom metrics + items: + type: string + maxItems: 1024 + type: array + include_topics: + description: List of topics to include + items: + type: string + maxItems: 1024 + type: array + kafka_custom_metrics: + description: List of custom metrics + items: + type: string + maxItems: 1024 + type: array + max_jmx_metrics: + description: Maximum number of JMX metrics to send + maximum: 100000 + minimum: 10 + type: integer + opensearch: + description: Datadog Opensearch Options properties: - auto_offset_reset: - description: Action to take when there is no initial offset - in offset store or the desired offset is out of range - enum: - - smallest - - earliest - - beginning - - largest - - latest - - end - type: string - columns: - description: Table columns - items: - description: Table column - properties: - name: - description: Column name - maxLength: 40 - minLength: 1 - type: string - type: - description: Column type - maxLength: 1000 - minLength: 1 - type: string - required: - - name - - type - type: object - maxItems: 100 - type: array - data_format: - description: Message data format - enum: - - Avro - - CSV - - JSONAsString - - JSONCompactEachRow - - JSONCompactStringsEachRow - - JSONEachRow - - JSONStringsEachRow - - MsgPack - - TSKV - - TSV - - TabSeparated - - RawBLOB - - AvroConfluent + index_stats_enabled: + description: Enable Datadog Opensearch Index Monitoring + type: boolean + pending_task_stats_enabled: + description: Enable Datadog Opensearch Pending Task Monitoring + type: boolean + pshard_stats_enabled: + description: Enable Datadog Opensearch Primary Shard Monitoring + type: boolean + type: object + redis: + description: Datadog Redis Options + properties: + command_stats_enabled: + description: Enable command_stats option in the agent's + configuration + type: boolean + type: object + type: object + destinationEndpointId: + description: Destination endpoint for the integration (if any) + maxLength: 36 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + destinationProjectName: + description: Destination project for the integration (if any) + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + destinationServiceName: + description: Destination service for the integration (if any) + maxLength: 64 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + externalAWSCloudwatchMetrics: + description: External AWS CloudWatch Metrics integration Logs configuration + values + properties: + dropped_metrics: + description: Metrics to not send to AWS CloudWatch (takes precedence + over extra_metrics) + items: + description: Metric name and subfield + properties: + field: + description: Identifier of a value in the metric + maxLength: 1000 + type: string + metric: + description: Identifier of the metric + maxLength: 1000 + type: string + required: [field, metric] + type: object + maxItems: 1024 + type: array + extra_metrics: + description: Metrics to allow through to AWS CloudWatch (in + addition to default metrics) + items: + description: Metric name and subfield + properties: + field: + description: Identifier of a value in the metric + maxLength: 1000 + type: string + metric: + description: Identifier of the metric + maxLength: 1000 + type: string + required: [field, metric] + type: object + maxItems: 1024 + type: array + type: object + integrationType: + description: Type of the service integration accepted by Aiven API. + Some values may not be supported by the operator + enum: + - alertmanager + - autoscaler + - caching + - cassandra_cross_service_cluster + - clickhouse_kafka + - clickhouse_postgresql + - dashboard + - datadog + - datasource + - external_aws_cloudwatch_logs + - external_aws_cloudwatch_metrics + - external_elasticsearch_logs + - external_google_cloud_logging + - external_opensearch_logs + - flink + - flink_external_kafka + - internal_connectivity + - jolokia + - kafka_connect + - kafka_logs + - kafka_mirrormaker + - logs + - m3aggregator + - m3coordinator + - metrics + - opensearch_cross_cluster_replication + - opensearch_cross_cluster_search + - prometheus + - read_replica + - rsyslog + - schema_registry_proxy + - stresstester + - thanosquery + - thanosstore + - vmalert + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + kafkaConnect: + description: Kafka Connect service configuration values + properties: + kafka_connect: + description: Kafka Connect service configuration values + properties: + config_storage_topic: + description: The name of the topic where connector and task + configuration data are stored.This must be the same for + all workers with the same group_id. + maxLength: 249 type: string - date_time_input_format: - description: Method to read DateTime from text input formats - enum: - - basic - - best_effort - - best_effort_us + group_id: + description: A unique string that identifies the Connect + cluster group this worker belongs to. + maxLength: 249 type: string - group_name: - description: Kafka consumers group + offset_storage_topic: + description: The name of the topic where connector and task + configuration offsets are stored.This must be the same + for all workers with the same group_id. maxLength: 249 - minLength: 1 type: string - handle_error_mode: - description: How to handle errors for Kafka engine - enum: - - default - - stream + status_storage_topic: + description: The name of the topic where connector and task + configuration status updates are stored.This must be the + same for all workers with the same group_id. + maxLength: 249 type: string - max_block_size: - description: Number of row collected by poll(s) for flushing - data from Kafka - maximum: 1000000000 + type: object + type: object + kafkaLogs: + description: Kafka logs configuration values + properties: + kafka_topic: + description: Topic name + maxLength: 249 + minLength: 1 + type: string + selected_log_fields: + description: The list of logging fields that will be sent to + the integration logging service. The MESSAGE and timestamp + fields are always sent. + items: + type: string + maxItems: 5 + type: array + required: [kafka_topic] + type: object + kafkaMirrormaker: + description: Kafka MirrorMaker configuration values + properties: + cluster_alias: + description: "The alias under which the Kafka cluster is known\ + \ to MirrorMaker. Can contain the following symbols: ASCII\ + \ alphanumerics, '.', '_', and '-'." + maxLength: 128 + pattern: ^[a-zA-Z0-9_.-]+$ + type: string + kafka_mirrormaker: + description: Kafka MirrorMaker configuration values + properties: + consumer_fetch_min_bytes: + description: The minimum amount of data the server should + return for a fetch request + maximum: 5242880 + minimum: 1 + type: integer + producer_batch_size: + description: The batch size in bytes producer will attempt + to collect before publishing to broker. + maximum: 5242880 minimum: 0 type: integer - max_rows_per_message: - description: The maximum number of rows produced in one - kafka message for row-based formats - maximum: 1000000000 - minimum: 1 + producer_buffer_memory: + description: The amount of bytes producer can use for buffering + data before publishing to broker. + maximum: 134217728 + minimum: 5242880 type: integer - name: - description: Name of the table - maxLength: 40 - minLength: 1 + producer_compression_type: + description: Specify the default compression type for producers. + This configuration accepts the standard compression codecs + ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts + 'none' which is the default and equivalent to no compression. + enum: [gzip, snappy, lz4, zstd, none] type: string - num_consumers: - description: The number of consumers per table per replica - maximum: 10 - minimum: 1 - type: integer - poll_max_batch_size: - description: Maximum amount of messages to be polled in - a single Kafka poll - maximum: 1000000000 + producer_linger_ms: + description: The linger time (ms) for waiting new data to + arrive for publishing. + maximum: 5000 minimum: 0 type: integer - skip_broken_messages: - description: Skip at least this number of broken messages - from Kafka topic per block - maximum: 1000000000 + producer_max_request_size: + description: The maximum request size in bytes. + maximum: 268435456 minimum: 0 type: integer - topics: - description: Kafka topics - items: - description: Kafka topic - properties: - name: - description: Name of the topic - maxLength: 249 - minLength: 1 - type: string - required: - - name - type: object - maxItems: 100 - type: array - required: - - columns - - data_format - - group_name - - name - - topics - type: object - maxItems: 100 - type: array - type: object - clickhousePostgresql: - description: Clickhouse PostgreSQL configuration values - properties: - databases: - description: Databases to expose - items: - description: Database to expose - properties: - database: - description: PostgreSQL database to expose - maxLength: 63 - minLength: 1 - type: string - schema: - description: PostgreSQL schema to expose - maxLength: 63 - minLength: 1 - type: string - type: object - maxItems: 10 - type: array - type: object - datadog: - description: Datadog specific user configuration options - properties: - datadog_dbm_enabled: - description: Enable Datadog Database Monitoring - type: boolean - datadog_tags: - description: Custom tags provided by user - items: - description: Datadog tag defined by user - properties: - comment: - description: Optional tag explanation - maxLength: 1024 - type: string - tag: - description: 'Tag format and usage are described here: https://docs.datadoghq.com/getting_started/tagging. - Tags with prefix ''aiven-'' are reserved for Aiven.' - maxLength: 200 - minLength: 1 - type: string - required: - - tag type: object - maxItems: 32 - type: array - exclude_consumer_groups: - description: List of custom metrics - items: - type: string - maxItems: 1024 - type: array - exclude_topics: - description: List of topics to exclude - items: - type: string - maxItems: 1024 - type: array - include_consumer_groups: - description: List of custom metrics - items: + type: object + logs: + description: Logs configuration values + properties: + elasticsearch_index_days_max: + description: Elasticsearch index retention limit + maximum: 10000 + minimum: 1 + type: integer + elasticsearch_index_prefix: + description: Elasticsearch index prefix + maxLength: 1024 + minLength: 1 type: string - maxItems: 1024 - type: array - include_topics: - description: List of topics to include - items: + selected_log_fields: + description: The list of logging fields that will be sent to + the integration logging service. The MESSAGE and timestamp + fields are always sent. + items: + type: string + maxItems: 5 + type: array + type: object + metrics: + description: Metrics configuration values + properties: + database: + description: Name of the database where to store metric datapoints. + Only affects PostgreSQL destinations. Defaults to 'metrics'. + Note that this must be the same for all metrics integrations + that write data to the same PostgreSQL service. + maxLength: 40 + pattern: ^[_A-Za-z0-9][-_A-Za-z0-9]{0,39}$ type: string - maxItems: 1024 - type: array - kafka_custom_metrics: - description: List of custom metrics - items: + retention_days: + description: Number of days to keep old metrics. Only affects + PostgreSQL destinations. Set to 0 for no automatic cleanup. + Defaults to 30 days. + maximum: 10000 + minimum: 0 + type: integer + ro_username: + description: Name of a user that can be used to read metrics. + This will be used for Grafana integration (if enabled) to + prevent Grafana users from making undesired changes. Only + affects PostgreSQL destinations. Defaults to 'metrics_reader'. + Note that this must be the same for all metrics integrations + that write data to the same PostgreSQL service. + maxLength: 40 + pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$ type: string - maxItems: 1024 - type: array - max_jmx_metrics: - description: Maximum number of JMX metrics to send - maximum: 100000 - minimum: 10 - type: integer - opensearch: - description: Datadog Opensearch Options - properties: - index_stats_enabled: - description: Enable Datadog Opensearch Index Monitoring - type: boolean - pending_task_stats_enabled: - description: Enable Datadog Opensearch Pending Task Monitoring - type: boolean - pshard_stats_enabled: - description: Enable Datadog Opensearch Primary Shard Monitoring - type: boolean - type: object - redis: - description: Datadog Redis Options - properties: - command_stats_enabled: - description: Enable command_stats option in the agent's configuration - type: boolean - type: object - type: object - destinationEndpointId: - description: Destination endpoint for the integration (if any) - maxLength: 36 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - destinationProjectName: - description: Destination project for the integration (if any) - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - destinationServiceName: - description: Destination service for the integration (if any) - maxLength: 64 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - externalAWSCloudwatchMetrics: - description: External AWS CloudWatch Metrics integration Logs configuration - values - properties: - dropped_metrics: - description: Metrics to not send to AWS CloudWatch (takes precedence - over extra_metrics) - items: - description: Metric name and subfield - properties: - field: - description: Identifier of a value in the metric - maxLength: 1000 - type: string - metric: - description: Identifier of the metric - maxLength: 1000 - type: string - required: - - field - - metric - type: object - maxItems: 1024 - type: array - extra_metrics: - description: Metrics to allow through to AWS CloudWatch (in addition - to default metrics) - items: - description: Metric name and subfield + source_mysql: + description: Configuration options for metrics where source + service is MySQL properties: - field: - description: Identifier of a value in the metric - maxLength: 1000 - type: string - metric: - description: Identifier of the metric - maxLength: 1000 - type: string - required: - - field - - metric + telegraf: + description: Configuration options for Telegraf MySQL input + plugin + properties: + gather_event_waits: + description: Gather metrics from PERFORMANCE_SCHEMA.EVENT_WAITS + type: boolean + gather_file_events_stats: + description: gather metrics from PERFORMANCE_SCHEMA.FILE_SUMMARY_BY_EVENT_NAME + type: boolean + gather_index_io_waits: + description: Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_INDEX_USAGE + type: boolean + gather_info_schema_auto_inc: + description: Gather auto_increment columns and max values + from information schema + type: boolean + gather_innodb_metrics: + description: Gather metrics from INFORMATION_SCHEMA.INNODB_METRICS + type: boolean + gather_perf_events_statements: + description: Gather metrics from PERFORMANCE_SCHEMA.EVENTS_STATEMENTS_SUMMARY_BY_DIGEST + type: boolean + gather_process_list: + description: Gather thread state counts from INFORMATION_SCHEMA.PROCESSLIST + type: boolean + gather_slave_status: + description: Gather metrics from SHOW SLAVE STATUS command + output + type: boolean + gather_table_io_waits: + description: Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_TABLE + type: boolean + gather_table_lock_waits: + description: Gather metrics from PERFORMANCE_SCHEMA.TABLE_LOCK_WAITS + type: boolean + gather_table_schema: + description: Gather metrics from INFORMATION_SCHEMA.TABLES + type: boolean + perf_events_statements_digest_text_limit: + description: Truncates digest text from perf_events_statements + into this many characters + maximum: 2048 + minimum: 1 + type: integer + perf_events_statements_limit: + description: Limits metrics from perf_events_statements + maximum: 4000 + minimum: 1 + type: integer + perf_events_statements_time_limit: + description: Only include perf_events_statements whose + last seen is less than this many seconds + maximum: 2592000 + minimum: 1 + type: integer + type: object type: object - maxItems: 1024 - type: array - type: object - integrationType: - description: Type of the service integration accepted by Aiven API. - Some values may not be supported by the operator - enum: - - alertmanager - - autoscaler - - caching - - cassandra_cross_service_cluster - - clickhouse_kafka - - clickhouse_postgresql - - dashboard - - datadog - - datasource - - external_aws_cloudwatch_logs - - external_aws_cloudwatch_metrics - - external_elasticsearch_logs - - external_google_cloud_logging - - external_opensearch_logs - - flink - - flink_external_kafka - - internal_connectivity - - jolokia - - kafka_connect - - kafka_logs - - kafka_mirrormaker - - logs - - m3aggregator - - m3coordinator - - metrics - - opensearch_cross_cluster_replication - - opensearch_cross_cluster_search - - prometheus - - read_replica - - rsyslog - - schema_registry_proxy - - stresstester - - thanosquery - - thanosstore - - vmalert - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - kafkaConnect: - description: Kafka Connect service configuration values - properties: - kafka_connect: - description: Kafka Connect service configuration values + username: + description: Name of the user used to write metrics. Only affects + PostgreSQL destinations. Defaults to 'metrics_writer'. Note + that this must be the same for all metrics integrations that + write data to the same PostgreSQL service. + maxLength: 40 + pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$ + type: string + type: object + project: + description: Project the integration belongs to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + sourceEndpointID: + description: Source endpoint for the integration (if any) + maxLength: 36 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + sourceProjectName: + description: Source project for the integration (if any) + maxLength: 63 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + sourceServiceName: + description: Source service for the integration (if any) + maxLength: 64 + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + required: [integrationType, project] + type: object + status: + description: ServiceIntegrationStatus defines the observed state of + ServiceIntegration + properties: + conditions: + description: Conditions represent the latest available observations + of an ServiceIntegration state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" properties: - config_storage_topic: - description: The name of the topic where connector and task - configuration data are stored.This must be the same for - all workers with the same group_id. - maxLength: 249 - type: string - group_id: - description: A unique string that identifies the Connect cluster - group this worker belongs to. - maxLength: 249 + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time type: string - offset_storage_topic: - description: The name of the topic where connector and task - configuration offsets are stored.This must be the same for - all workers with the same group_id. - maxLength: 249 + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 type: string - status_storage_topic: - description: The name of the topic where connector and task - configuration status updates are stored.This must be the - same for all workers with the same group_id. - maxLength: 249 - type: string - type: object - type: object - kafkaLogs: - description: Kafka logs configuration values - properties: - kafka_topic: - description: Topic name - maxLength: 249 - minLength: 1 - type: string - selected_log_fields: - description: The list of logging fields that will be sent to the - integration logging service. The MESSAGE and timestamp fields - are always sent. - items: - type: string - maxItems: 5 - type: array - required: - - kafka_topic - type: object - kafkaMirrormaker: - description: Kafka MirrorMaker configuration values - properties: - cluster_alias: - description: 'The alias under which the Kafka cluster is known - to MirrorMaker. Can contain the following symbols: ASCII alphanumerics, - ''.'', ''_'', and ''-''.' - maxLength: 128 - pattern: ^[a-zA-Z0-9_.-]+$ - type: string - kafka_mirrormaker: - description: Kafka MirrorMaker configuration values - properties: - consumer_fetch_min_bytes: - description: The minimum amount of data the server should - return for a fetch request - maximum: 5242880 - minimum: 1 - type: integer - producer_batch_size: - description: The batch size in bytes producer will attempt - to collect before publishing to broker. - maximum: 5242880 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 minimum: 0 type: integer - producer_buffer_memory: - description: The amount of bytes producer can use for buffering - data before publishing to broker. - maximum: 134217728 - minimum: 5242880 - type: integer - producer_compression_type: - description: Specify the default compression type for producers. - This configuration accepts the standard compression codecs - ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts - 'none' which is the default and equivalent to no compression. - enum: - - gzip - - snappy - - lz4 - - zstd - - none + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - producer_linger_ms: - description: The linger time (ms) for waiting new data to - arrive for publishing. - maximum: 5000 - minimum: 0 - type: integer - producer_max_request_size: - description: The maximum request size in bytes. - maximum: 268435456 - minimum: 0 - type: integer - type: object - type: object - logs: - description: Logs configuration values - properties: - elasticsearch_index_days_max: - description: Elasticsearch index retention limit - maximum: 10000 - minimum: 1 - type: integer - elasticsearch_index_prefix: - description: Elasticsearch index prefix - maxLength: 1024 - minLength: 1 - type: string - selected_log_fields: - description: The list of logging fields that will be sent to the - integration logging service. The MESSAGE and timestamp fields - are always sent. - items: - type: string - maxItems: 5 - type: array - type: object - metrics: - description: Metrics configuration values - properties: - database: - description: Name of the database where to store metric datapoints. - Only affects PostgreSQL destinations. Defaults to 'metrics'. - Note that this must be the same for all metrics integrations - that write data to the same PostgreSQL service. - maxLength: 40 - pattern: ^[_A-Za-z0-9][-_A-Za-z0-9]{0,39}$ - type: string - retention_days: - description: Number of days to keep old metrics. Only affects - PostgreSQL destinations. Set to 0 for no automatic cleanup. - Defaults to 30 days. - maximum: 10000 - minimum: 0 - type: integer - ro_username: - description: Name of a user that can be used to read metrics. - This will be used for Grafana integration (if enabled) to prevent - Grafana users from making undesired changes. Only affects PostgreSQL - destinations. Defaults to 'metrics_reader'. Note that this must - be the same for all metrics integrations that write data to - the same PostgreSQL service. - maxLength: 40 - pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$ - type: string - source_mysql: - description: Configuration options for metrics where source service - is MySQL - properties: - telegraf: - description: Configuration options for Telegraf MySQL input - plugin - properties: - gather_event_waits: - description: Gather metrics from PERFORMANCE_SCHEMA.EVENT_WAITS - type: boolean - gather_file_events_stats: - description: gather metrics from PERFORMANCE_SCHEMA.FILE_SUMMARY_BY_EVENT_NAME - type: boolean - gather_index_io_waits: - description: Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_INDEX_USAGE - type: boolean - gather_info_schema_auto_inc: - description: Gather auto_increment columns and max values - from information schema - type: boolean - gather_innodb_metrics: - description: Gather metrics from INFORMATION_SCHEMA.INNODB_METRICS - type: boolean - gather_perf_events_statements: - description: Gather metrics from PERFORMANCE_SCHEMA.EVENTS_STATEMENTS_SUMMARY_BY_DIGEST - type: boolean - gather_process_list: - description: Gather thread state counts from INFORMATION_SCHEMA.PROCESSLIST - type: boolean - gather_slave_status: - description: Gather metrics from SHOW SLAVE STATUS command - output - type: boolean - gather_table_io_waits: - description: Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_TABLE - type: boolean - gather_table_lock_waits: - description: Gather metrics from PERFORMANCE_SCHEMA.TABLE_LOCK_WAITS - type: boolean - gather_table_schema: - description: Gather metrics from INFORMATION_SCHEMA.TABLES - type: boolean - perf_events_statements_digest_text_limit: - description: Truncates digest text from perf_events_statements - into this many characters - maximum: 2048 - minimum: 1 - type: integer - perf_events_statements_limit: - description: Limits metrics from perf_events_statements - maximum: 4000 - minimum: 1 - type: integer - perf_events_statements_time_limit: - description: Only include perf_events_statements whose - last seen is less than this many seconds - maximum: 2592000 - minimum: 1 - type: integer - type: object + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] type: object - username: - description: Name of the user used to write metrics. Only affects - PostgreSQL destinations. Defaults to 'metrics_writer'. Note - that this must be the same for all metrics integrations that - write data to the same PostgreSQL service. - maxLength: 40 - pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$ - type: string - type: object - project: - description: Project the integration belongs to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - sourceEndpointID: - description: Source endpoint for the integration (if any) - maxLength: 36 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - sourceProjectName: - description: Source project for the integration (if any) - maxLength: 63 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - sourceServiceName: - description: Source service for the integration (if any) - maxLength: 64 - type: string - x-kubernetes-validations: - - message: Value is immutable - rule: self == oldSelf - required: - - integrationType - - project - type: object - status: - description: ServiceIntegrationStatus defines the observed state of ServiceIntegration - properties: - conditions: - description: Conditions represent the latest available observations - of an ServiceIntegration state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - id: - description: Service integration ID - type: string - required: - - conditions - - id - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + id: + description: Service integration ID + type: string + required: [conditions, id] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/aiven.io_serviceusers.yaml b/config/crd/bases/aiven.io_serviceusers.yaml index e188b02d..088a5741 100644 --- a/config/crd/bases/aiven.io_serviceusers.yaml +++ b/config/crd/bases/aiven.io_serviceusers.yaml @@ -1,11 +1,13 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + creationTimestamp: name: serviceusers.aiven.io + spec: group: aiven.io names: @@ -15,179 +17,166 @@ spec: singular: serviceuser scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.serviceName - name: Service Name - type: string - - jsonPath: .spec.project - name: Project - type: string - - jsonPath: .spec.connInfoSecretTarget.name - name: Connection Information Secret - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ServiceUser is the Schema for the serviceusers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceUserSpec defines the desired state of ServiceUser - properties: - authSecretRef: - description: Authentication reference to Aiven token in a secret - properties: - key: - minLength: 1 - type: string - name: - minLength: 1 - type: string - required: - - key - - name - type: object - authentication: - description: Authentication details - enum: - - caching_sha2_password - - mysql_native_password - type: string - connInfoSecretTarget: - description: 'Information regarding secret creation. Exposed keys: - `SERVICEUSER_HOST`, `SERVICEUSER_PORT`, `SERVICEUSER_USERNAME`, - `SERVICEUSER_PASSWORD`, `SERVICEUSER_CA_CERT`, `SERVICEUSER_ACCESS_CERT`, - `SERVICEUSER_ACCESS_KEY`' - properties: - annotations: - additionalProperties: - type: string - description: Annotations added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - labels: - additionalProperties: - type: string - description: Labels added to the secret - type: object - x-kubernetes-preserve-unknown-fields: true - name: - description: Name of the secret resource to be created. By default, - is equal to the resource name - type: string - prefix: - description: Prefix for the secret's keys. Added "as is" without - any transformations. By default, is equal to the kind name in - uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - type: string - required: - - name - type: object - project: - description: Project to link the user to - format: ^[a-zA-Z0-9_-]*$ - maxLength: 63 - type: string - serviceName: - description: Service to link the user to - maxLength: 63 - type: string - required: - - project - - serviceName - type: object - status: - description: ServiceUserStatus defines the observed state of ServiceUser - properties: - conditions: - description: Conditions represent the latest available observations - of an ServiceUser state - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + - additionalPrinterColumns: + - jsonPath: .spec.serviceName + name: Service Name + type: string + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.connInfoSecretTarget.name + name: Connection Information Secret + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ServiceUser is the Schema for the serviceusers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServiceUserSpec defines the desired state of ServiceUser + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 + key: + minLength: 1 type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 + name: minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown + required: [key, name] + type: object + authentication: + description: Authentication details + enum: [caching_sha2_password, mysql_native_password] + type: string + connInfoSecretTarget: + description: 'Information regarding secret creation. Exposed keys: + `SERVICEUSER_HOST`, `SERVICEUSER_PORT`, `SERVICEUSER_USERNAME`, + `SERVICEUSER_PASSWORD`, `SERVICEUSER_CA_CERT`, `SERVICEUSER_ACCESS_CERT`, + `SERVICEUSER_ACCESS_KEY`' + properties: + annotations: + additionalProperties: + type: string + description: Annotations added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: Labels added to the secret + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name of the secret resource to be created. By default, + is equal to the resource name type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + prefix: + description: Prefix for the secret's keys. Added "as is" without + any transformations. By default, is equal to the kind name + in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + required: [name] type: object - type: array - type: - description: Type of the user account - type: string - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} + project: + description: Project to link the user to + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + serviceName: + description: Service to link the user to + maxLength: 63 + type: string + required: [project, serviceName] + type: object + status: + description: ServiceUserStatus defines the observed state of ServiceUser + properties: + conditions: + description: Conditions represent the latest available observations + of an ServiceUser state + items: + description: "Condition contains details for one aspect of the\ + \ current state of this API Resource. --- This struct is intended\ + \ for direct use as an array at the field path .status.conditions.\ + \ For example, \n type FooStatus struct{ // Represents the\ + \ observations of a foo's current state. // Known .status.conditions.type\ + \ are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ + \ // +patchStrategy=merge // +listType=map // +listMapKey=type\ + \ Conditions []metav1.Condition `json:\"conditions,omitempty\"\ + \ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"\ + bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: ['True', 'False', Unknown] + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: [lastTransitionTime, message, reason, status, type] + type: object + type: array + type: + description: Type of the user account + type: string + required: [conditions] + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 6dbe80c3..55cb2c49 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -1,76 +1,77 @@ +--- # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/aiven.io_clickhouses.yaml -- bases/aiven.io_clickhouseusers.yaml -- bases/aiven.io_connectionpools.yaml -- bases/aiven.io_databases.yaml -- bases/aiven.io_kafkas.yaml -- bases/aiven.io_kafkaacls.yaml -- bases/aiven.io_kafkaconnects.yaml -- bases/aiven.io_kafkaconnectors.yaml -- bases/aiven.io_kafkaschemas.yaml -- bases/aiven.io_kafkatopics.yaml -- bases/aiven.io_opensearches.yaml -- bases/aiven.io_postgresqls.yaml -- bases/aiven.io_projects.yaml -- bases/aiven.io_projectvpcs.yaml -- bases/aiven.io_redis.yaml -- bases/aiven.io_serviceintegrations.yaml -- bases/aiven.io_serviceusers.yaml -- bases/aiven.io_mysqls.yaml -- bases/aiven.io_cassandras.yaml -- bases/aiven.io_grafanas.yaml + - bases/aiven.io_clickhouses.yaml + - bases/aiven.io_clickhouseusers.yaml + - bases/aiven.io_connectionpools.yaml + - bases/aiven.io_databases.yaml + - bases/aiven.io_kafkas.yaml + - bases/aiven.io_kafkaacls.yaml + - bases/aiven.io_kafkaconnects.yaml + - bases/aiven.io_kafkaconnectors.yaml + - bases/aiven.io_kafkaschemas.yaml + - bases/aiven.io_kafkatopics.yaml + - bases/aiven.io_opensearches.yaml + - bases/aiven.io_postgresqls.yaml + - bases/aiven.io_projects.yaml + - bases/aiven.io_projectvpcs.yaml + - bases/aiven.io_redis.yaml + - bases/aiven.io_serviceintegrations.yaml + - bases/aiven.io_serviceusers.yaml + - bases/aiven.io_mysqls.yaml + - bases/aiven.io_cassandras.yaml + - bases/aiven.io_grafanas.yaml + #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -- patches/webhook_in_clickhouses.yaml -- patches/webhook_in_clickhouseusers.yaml -- patches/webhook_in_connectionpools.yaml -- patches/webhook_in_databases.yaml -- patches/webhook_in_kafkas.yaml -- patches/webhook_in_kafkaacls.yaml -- patches/webhook_in_kafkaconnects.yaml -- patches/webhook_in_kafkaconnectors.yaml -- patches/webhook_in_kafkaschemas.yaml -- patches/webhook_in_kafkatopics.yaml -- patches/webhook_in_opensearches.yaml -- patches/webhook_in_postgresqls.yaml -- patches/webhook_in_projects.yaml -- patches/webhook_in_redis.yaml -- patches/webhook_in_serviceintegrations.yaml -- patches/webhook_in_serviceusers.yaml -- patches/webhook_in_mysqls.yaml -- patches/webhook_in_cassandras.yaml -- patches/webhook_in_grafanas.yaml + - patches/webhook_in_clickhouses.yaml + - patches/webhook_in_clickhouseusers.yaml + - patches/webhook_in_connectionpools.yaml + - patches/webhook_in_databases.yaml + - patches/webhook_in_kafkas.yaml + - patches/webhook_in_kafkaacls.yaml + - patches/webhook_in_kafkaconnects.yaml + - patches/webhook_in_kafkaconnectors.yaml + - patches/webhook_in_kafkaschemas.yaml + - patches/webhook_in_kafkatopics.yaml + - patches/webhook_in_opensearches.yaml + - patches/webhook_in_postgresqls.yaml + - patches/webhook_in_projects.yaml + - patches/webhook_in_redis.yaml + - patches/webhook_in_serviceintegrations.yaml + - patches/webhook_in_serviceusers.yaml + - patches/webhook_in_mysqls.yaml + - patches/webhook_in_cassandras.yaml + - patches/webhook_in_grafanas.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD -- patches/cainjection_in_clickhouses.yaml -- patches/cainjection_in_clickhouseusers.yaml -- patches/cainjection_in_connectionpools.yaml -- patches/cainjection_in_databases.yaml -- patches/cainjection_in_kafkas.yaml -- patches/cainjection_in_kafkaacls.yaml -- patches/cainjection_in_kafkaconnects.yaml -- patches/cainjection_in_kafkaconnectors.yaml -- patches/cainjection_in_kafkaschemas.yaml -- patches/cainjection_in_kafkatopics.yaml -- patches/cainjection_in_opensearches.yaml -- patches/cainjection_in_postgresqls.yaml -- patches/cainjection_in_projects.yaml -- patches/cainjection_in_redis.yaml -- patches/cainjection_in_serviceintegrations.yaml -- patches/cainjection_in_serviceusers.yaml -- patches/cainjection_in_mysqls.yaml -- patches/cainjection_in_cassandras.yaml -- patches/cainjection_in_grafanas.yaml + - patches/cainjection_in_clickhouses.yaml + - patches/cainjection_in_clickhouseusers.yaml + - patches/cainjection_in_connectionpools.yaml + - patches/cainjection_in_databases.yaml + - patches/cainjection_in_kafkas.yaml + - patches/cainjection_in_kafkaacls.yaml + - patches/cainjection_in_kafkaconnects.yaml + - patches/cainjection_in_kafkaconnectors.yaml + - patches/cainjection_in_kafkaschemas.yaml + - patches/cainjection_in_kafkatopics.yaml + - patches/cainjection_in_opensearches.yaml + - patches/cainjection_in_postgresqls.yaml + - patches/cainjection_in_projects.yaml + - patches/cainjection_in_redis.yaml + - patches/cainjection_in_serviceintegrations.yaml + - patches/cainjection_in_serviceusers.yaml + - patches/cainjection_in_mysqls.yaml + - patches/cainjection_in_cassandras.yaml + - patches/cainjection_in_grafanas.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml +configurations: [kustomizeconfig.yaml] diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index ec5c150a..7d75f65d 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -1,19 +1,20 @@ +--- # This file is for teaching kustomize how to substitute name and namespace reference in CRD nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition + - kind: Service version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false varReference: -- path: metadata/annotations + - path: metadata/annotations diff --git a/config/crd/patches/cainjection_in_cassandras.yaml b/config/crd/patches/cainjection_in_cassandras.yaml index a25eb37a..0a4aec27 100644 --- a/config/crd/patches/cainjection_in_cassandras.yaml +++ b/config/crd/patches/cainjection_in_cassandras.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_clickhouses.yaml b/config/crd/patches/cainjection_in_clickhouses.yaml index 6e95ddc8..a5672052 100644 --- a/config/crd/patches/cainjection_in_clickhouses.yaml +++ b/config/crd/patches/cainjection_in_clickhouses.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_clickhouseusers.yaml b/config/crd/patches/cainjection_in_clickhouseusers.yaml index 97c2cea3..03758b65 100644 --- a/config/crd/patches/cainjection_in_clickhouseusers.yaml +++ b/config/crd/patches/cainjection_in_clickhouseusers.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_connectionpools.yaml b/config/crd/patches/cainjection_in_connectionpools.yaml index eb7c69ac..ece19342 100644 --- a/config/crd/patches/cainjection_in_connectionpools.yaml +++ b/config/crd/patches/cainjection_in_connectionpools.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_databases.yaml b/config/crd/patches/cainjection_in_databases.yaml index 9883203c..b1bcb33f 100644 --- a/config/crd/patches/cainjection_in_databases.yaml +++ b/config/crd/patches/cainjection_in_databases.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_grafanas.yaml b/config/crd/patches/cainjection_in_grafanas.yaml index 4ae6a269..6ccf0a4f 100644 --- a/config/crd/patches/cainjection_in_grafanas.yaml +++ b/config/crd/patches/cainjection_in_grafanas.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_kafkaacls.yaml b/config/crd/patches/cainjection_in_kafkaacls.yaml index 1736f5c9..f20df292 100644 --- a/config/crd/patches/cainjection_in_kafkaacls.yaml +++ b/config/crd/patches/cainjection_in_kafkaacls.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_kafkaconnectors.yaml b/config/crd/patches/cainjection_in_kafkaconnectors.yaml index 93bd19fc..236d7ec9 100644 --- a/config/crd/patches/cainjection_in_kafkaconnectors.yaml +++ b/config/crd/patches/cainjection_in_kafkaconnectors.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_kafkaconnects.yaml b/config/crd/patches/cainjection_in_kafkaconnects.yaml index 5315dc21..e5d6f433 100644 --- a/config/crd/patches/cainjection_in_kafkaconnects.yaml +++ b/config/crd/patches/cainjection_in_kafkaconnects.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_kafkas.yaml b/config/crd/patches/cainjection_in_kafkas.yaml index 15799ecd..55433cc1 100644 --- a/config/crd/patches/cainjection_in_kafkas.yaml +++ b/config/crd/patches/cainjection_in_kafkas.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_kafkaschemas.yaml b/config/crd/patches/cainjection_in_kafkaschemas.yaml index 3f0e0e28..1b56d8b8 100644 --- a/config/crd/patches/cainjection_in_kafkaschemas.yaml +++ b/config/crd/patches/cainjection_in_kafkaschemas.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_kafkatopics.yaml b/config/crd/patches/cainjection_in_kafkatopics.yaml index 73296768..48707f2a 100644 --- a/config/crd/patches/cainjection_in_kafkatopics.yaml +++ b/config/crd/patches/cainjection_in_kafkatopics.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_mysqls.yaml b/config/crd/patches/cainjection_in_mysqls.yaml index a78eb0c7..8930ed27 100644 --- a/config/crd/patches/cainjection_in_mysqls.yaml +++ b/config/crd/patches/cainjection_in_mysqls.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_opensearches.yaml b/config/crd/patches/cainjection_in_opensearches.yaml index 9cf36e5b..b13db8b9 100644 --- a/config/crd/patches/cainjection_in_opensearches.yaml +++ b/config/crd/patches/cainjection_in_opensearches.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_postgresqls.yaml b/config/crd/patches/cainjection_in_postgresqls.yaml index c673c425..339f211e 100644 --- a/config/crd/patches/cainjection_in_postgresqls.yaml +++ b/config/crd/patches/cainjection_in_postgresqls.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_projects.yaml b/config/crd/patches/cainjection_in_projects.yaml index 2e7a2e5f..1125a29c 100644 --- a/config/crd/patches/cainjection_in_projects.yaml +++ b/config/crd/patches/cainjection_in_projects.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_redis.yaml b/config/crd/patches/cainjection_in_redis.yaml index a0b6dc64..e97832bf 100644 --- a/config/crd/patches/cainjection_in_redis.yaml +++ b/config/crd/patches/cainjection_in_redis.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_serviceintegrations.yaml b/config/crd/patches/cainjection_in_serviceintegrations.yaml index e9dfabb1..fa96f6af 100644 --- a/config/crd/patches/cainjection_in_serviceintegrations.yaml +++ b/config/crd/patches/cainjection_in_serviceintegrations.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/cainjection_in_serviceusers.yaml b/config/crd/patches/cainjection_in_serviceusers.yaml index fbaad1e9..c827eb86 100644 --- a/config/crd/patches/cainjection_in_serviceusers.yaml +++ b/config/crd/patches/cainjection_in_serviceusers.yaml @@ -1,6 +1,8 @@ +--- # The following patch adds a directive for certmanager to inject CA into the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/crd/patches/webhook_in_cassandras.yaml b/config/crd/patches/webhook_in_cassandras.yaml index af50bb41..58f37ccc 100644 --- a/config/crd/patches/webhook_in_cassandras.yaml +++ b/config/crd/patches/webhook_in_cassandras.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: cassandras.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_clickhouses.yaml b/config/crd/patches/webhook_in_clickhouses.yaml index ee8de9af..b1dd54e4 100644 --- a/config/crd/patches/webhook_in_clickhouses.yaml +++ b/config/crd/patches/webhook_in_clickhouses.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: clickhouses.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_clickhouseusers.yaml b/config/crd/patches/webhook_in_clickhouseusers.yaml index aa0640fa..c60d0777 100644 --- a/config/crd/patches/webhook_in_clickhouseusers.yaml +++ b/config/crd/patches/webhook_in_clickhouseusers.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: clickhouseusers.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_connectionpools.yaml b/config/crd/patches/webhook_in_connectionpools.yaml index 069011e7..d37bf80a 100644 --- a/config/crd/patches/webhook_in_connectionpools.yaml +++ b/config/crd/patches/webhook_in_connectionpools.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: connectionpools.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_databases.yaml b/config/crd/patches/webhook_in_databases.yaml index 4baa665f..b280f358 100644 --- a/config/crd/patches/webhook_in_databases.yaml +++ b/config/crd/patches/webhook_in_databases.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: databases.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_grafanas.yaml b/config/crd/patches/webhook_in_grafanas.yaml index 999d4153..adad593d 100644 --- a/config/crd/patches/webhook_in_grafanas.yaml +++ b/config/crd/patches/webhook_in_grafanas.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: grafanas.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_kafkaacls.yaml b/config/crd/patches/webhook_in_kafkaacls.yaml index 6b62b693..66af8611 100644 --- a/config/crd/patches/webhook_in_kafkaacls.yaml +++ b/config/crd/patches/webhook_in_kafkaacls.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: kafkaacls.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_kafkaconnectors.yaml b/config/crd/patches/webhook_in_kafkaconnectors.yaml index 79b3ec3b..41b78f2a 100644 --- a/config/crd/patches/webhook_in_kafkaconnectors.yaml +++ b/config/crd/patches/webhook_in_kafkaconnectors.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: kafkaconnectors.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_kafkaconnects.yaml b/config/crd/patches/webhook_in_kafkaconnects.yaml index cc7dc7e7..5e0d030d 100644 --- a/config/crd/patches/webhook_in_kafkaconnects.yaml +++ b/config/crd/patches/webhook_in_kafkaconnects.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: kafkaconnects.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_kafkas.yaml b/config/crd/patches/webhook_in_kafkas.yaml index 8327af52..76094ecd 100644 --- a/config/crd/patches/webhook_in_kafkas.yaml +++ b/config/crd/patches/webhook_in_kafkas.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: kafkas.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_kafkaschemas.yaml b/config/crd/patches/webhook_in_kafkaschemas.yaml index a09822c2..9158dcf9 100644 --- a/config/crd/patches/webhook_in_kafkaschemas.yaml +++ b/config/crd/patches/webhook_in_kafkaschemas.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: kafkaschemas.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_kafkatopics.yaml b/config/crd/patches/webhook_in_kafkatopics.yaml index 087e1aea..6812b692 100644 --- a/config/crd/patches/webhook_in_kafkatopics.yaml +++ b/config/crd/patches/webhook_in_kafkatopics.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: kafkatopics.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_mysqls.yaml b/config/crd/patches/webhook_in_mysqls.yaml index 976ce9e3..fae67ed5 100644 --- a/config/crd/patches/webhook_in_mysqls.yaml +++ b/config/crd/patches/webhook_in_mysqls.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: mysqls.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_opensearches.yaml b/config/crd/patches/webhook_in_opensearches.yaml index d7886437..fb333ef3 100644 --- a/config/crd/patches/webhook_in_opensearches.yaml +++ b/config/crd/patches/webhook_in_opensearches.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: opensearches.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_postgresqls.yaml b/config/crd/patches/webhook_in_postgresqls.yaml index 1b64996c..fdb8cc58 100644 --- a/config/crd/patches/webhook_in_postgresqls.yaml +++ b/config/crd/patches/webhook_in_postgresqls.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: postgresqls.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_projects.yaml b/config/crd/patches/webhook_in_projects.yaml index 6ec05bda..d1b98ab6 100644 --- a/config/crd/patches/webhook_in_projects.yaml +++ b/config/crd/patches/webhook_in_projects.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: projects.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_redis.yaml b/config/crd/patches/webhook_in_redis.yaml index 5befe4f3..c868be76 100644 --- a/config/crd/patches/webhook_in_redis.yaml +++ b/config/crd/patches/webhook_in_redis.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: redis.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_serviceintegrations.yaml b/config/crd/patches/webhook_in_serviceintegrations.yaml index 06fc2c9c..2f6ed515 100644 --- a/config/crd/patches/webhook_in_serviceintegrations.yaml +++ b/config/crd/patches/webhook_in_serviceintegrations.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: serviceintegrations.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/crd/patches/webhook_in_serviceusers.yaml b/config/crd/patches/webhook_in_serviceusers.yaml index 610be8d9..5d540a16 100644 --- a/config/crd/patches/webhook_in_serviceusers.yaml +++ b/config/crd/patches/webhook_in_serviceusers.yaml @@ -1,8 +1,11 @@ +--- # The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition + metadata: name: serviceusers.aiven.io + spec: conversion: strategy: Webhook @@ -12,5 +15,4 @@ spec: namespace: system name: webhook-service path: /convert - conversionReviewVersions: - - v1 + conversionReviewVersions: [v1] diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 4229e881..dbb58782 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,3 +1,4 @@ +--- # Adds namespace to all resources. namespace: aiven-operator-system @@ -9,18 +10,19 @@ namespace: aiven-operator-system namePrefix: aiven-operator- # Labels to add to all resources and selectors. -#commonLabels: +# commonLabels: # someName: someValue bases: -- ../crd -- ../rbac -- ../manager + - ../crd + - ../rbac + - ../manager + # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -- ../webhook + - ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -- ../certmanager + - ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus @@ -28,7 +30,7 @@ patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml + - manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type @@ -36,39 +38,39 @@ patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -- manager_webhook_patch.yaml + - manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection -- webhookcainjection_patch.yaml + - webhookcainjection_patch.yaml # the following config is for teaching kustomize how to do var substitution vars: # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service + - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR + objref: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldref: + fieldpath: metadata.namespace + - name: CERTIFICATE_NAME + objref: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + - name: SERVICE_NAMESPACE # namespace of the service + objref: + kind: Service + version: v1 + name: webhook-service + fieldref: + fieldpath: metadata.namespace + - name: SERVICE_NAME + objref: + kind: Service + version: v1 + name: webhook-service diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index cec149a0..cdb12096 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -1,39 +1,41 @@ +--- # This patch inject a sidecar container which is a HTTP proxy for the # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 kind: Deployment + metadata: name: controller-manager namespace: system + spec: template: spec: containers: - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" + - name: kube-rbac-proxy + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ALL] + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 + args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + ports: + - containerPort: 8443 + protocol: TCP + name: https + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - name: manager + args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 6c400155..ec0d38ec 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -1,20 +1,22 @@ +--- apiVersion: apps/v1 kind: Deployment + metadata: name: controller-manager namespace: system + spec: template: spec: containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml + - name: manager + args: [--config=controller_manager_config.yaml] + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml volumes: - - name: manager-config - configMap: - name: manager-config + - name: manager-config + configMap: + name: manager-config diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml index 738de350..0a92764e 100644 --- a/config/default/manager_webhook_patch.yaml +++ b/config/default/manager_webhook_patch.yaml @@ -1,23 +1,26 @@ +--- apiVersion: apps/v1 kind: Deployment + metadata: name: controller-manager namespace: system + spec: template: spec: containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml index 02ab515d..1188b68f 100644 --- a/config/default/webhookcainjection_patch.yaml +++ b/config/default/webhookcainjection_patch.yaml @@ -1,14 +1,18 @@ +--- # This patch add annotation to admission webhook config and # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration + metadata: name: mutating-webhook-configuration annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration + metadata: name: validating-webhook-configuration annotations: diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml index be72a6b4..27251234 100644 --- a/config/manager/controller_manager_config.yaml +++ b/config/manager/controller_manager_config.yaml @@ -1,14 +1,20 @@ +--- apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 kind: ControllerManagerConfig + health: healthProbeBindAddress: :8081 + metrics: bindAddress: 127.0.0.1:8080 + webhook: port: 9443 + leaderElection: leaderElect: true resourceName: 40db2fac.aiven.io + # leaderElectionReleaseOnCancel defines if the leader should step down volume # when the Manager ends. This requires the binary to immediately end when the # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 65108f52..b43cb497 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,16 +1,17 @@ -resources: -- manager.yaml +--- +resources: [manager.yaml] generatorOptions: disableNameSuffixHash: true configMapGenerator: -- files: - - controller_manager_config.yaml - name: manager-config + - files: [controller_manager_config.yaml] + name: manager-config + apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + images: -- name: controller - newName: aivenoy/aiven-operator - newTag: b67bdfc15f9cac73542c68891f74382665311202 + - name: controller + newName: aivenoy/aiven-operator + newTag: b67bdfc15f9cac73542c68891f74382665311202 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 878ad486..9ace2f86 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,17 +1,22 @@ +--- apiVersion: v1 kind: Namespace + metadata: labels: control-plane: controller-manager name: system + --- apiVersion: apps/v1 kind: Deployment + metadata: name: controller-manager namespace: system labels: control-plane: controller-manager + spec: selector: matchLabels: @@ -34,37 +39,34 @@ spec: # seccompProfile: # type: RuntimeDefault containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 + - command: [/manager] + args: [--leader-elect] + image: controller:latest + name: manager + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ALL] + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 # TODO(user): Configure the resources accordingly based on the project requirements. # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index 125c6a6b..8c05efcc 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,14 +1,15 @@ +--- # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: -- ../default -- ../samples -- ../scorecard + - ../default + - ../samples + - ../scorecard # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. # These patches remove the unnecessary "cert" volume and its manager container volumeMount. -#patchesJson6902: +# patchesJson6902: #- target: # group: apps # version: v1 diff --git a/config/operatorhub/manifests/bases/aiven-operator.clusterserviceversion.yaml b/config/operatorhub/manifests/bases/aiven-operator.clusterserviceversion.yaml index 498beb04..ec71127a 100644 --- a/config/operatorhub/manifests/bases/aiven-operator.clusterserviceversion.yaml +++ b/config/operatorhub/manifests/bases/aiven-operator.clusterserviceversion.yaml @@ -1,5 +1,7 @@ +--- apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion + metadata: annotations: alm-examples: '[]' @@ -9,104 +11,105 @@ metadata: support: aiven name: aiven-operator namespace: placeholder + spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: ConnectionPool is the Schema for the connectionpools API - displayName: Connection Pool - kind: ConnectionPool - name: connectionpools.aiven.io - version: v1alpha1 - - description: Database is the Schema for the databases API - displayName: Database - kind: Database - name: databases.aiven.io - version: v1alpha1 - - description: KafkaACL is the Schema for the kafkaacls API - displayName: Kafka ACL - kind: KafkaACL - name: kafkaacls.aiven.io - version: v1alpha1 - - description: KafkaConnector is the Schema for the kafkaconnectors API - displayName: Kafka Connector - kind: KafkaConnector - name: kafkaconnectors.aiven.io - version: v1alpha1 - - description: KafkaConnect is the Schema for the kafkaconnects API - displayName: Kafka Connect - kind: KafkaConnect - name: kafkaconnects.aiven.io - version: v1alpha1 - - description: Kafka is the Schema for the kafkas API - displayName: Kafka - kind: Kafka - name: kafkas.aiven.io - version: v1alpha1 - - description: KafkaSchema is the Schema for the kafkaschemas API - displayName: Kafka Schema - kind: KafkaSchema - name: kafkaschemas.aiven.io - version: v1alpha1 - - description: KafkaTopic is the Schema for the kafkatopics API - displayName: Kafka Topic - kind: KafkaTopic - name: kafkatopics.aiven.io - version: v1alpha1 - - description: PostgreSQL is the Schema for the postgresql API - displayName: Postgre SQL - kind: PostgreSQL - name: postgresqls.aiven.io - version: v1alpha1 - - description: Project is the Schema for the projects API - displayName: Project - kind: Project - name: projects.aiven.io - version: v1alpha1 - - description: ProjectVPC is the Schema for the projectvpcs API - displayName: Project VPC - kind: ProjectVPC - name: projectvpcs.aiven.io - version: v1alpha1 - - description: ServiceIntegration is the Schema for the serviceintegrations API - displayName: Service Integration - kind: ServiceIntegration - name: serviceintegrations.aiven.io - version: v1alpha1 - - description: ServiceUser is the Schema for the serviceusers API - displayName: Service User - kind: ServiceUser - name: serviceusers.aiven.io - version: v1alpha1 + - description: ConnectionPool is the Schema for the connectionpools API + displayName: Connection Pool + kind: ConnectionPool + name: connectionpools.aiven.io + version: v1alpha1 + - description: Database is the Schema for the databases API + displayName: Database + kind: Database + name: databases.aiven.io + version: v1alpha1 + - description: KafkaACL is the Schema for the kafkaacls API + displayName: Kafka ACL + kind: KafkaACL + name: kafkaacls.aiven.io + version: v1alpha1 + - description: KafkaConnector is the Schema for the kafkaconnectors API + displayName: Kafka Connector + kind: KafkaConnector + name: kafkaconnectors.aiven.io + version: v1alpha1 + - description: KafkaConnect is the Schema for the kafkaconnects API + displayName: Kafka Connect + kind: KafkaConnect + name: kafkaconnects.aiven.io + version: v1alpha1 + - description: Kafka is the Schema for the kafkas API + displayName: Kafka + kind: Kafka + name: kafkas.aiven.io + version: v1alpha1 + - description: KafkaSchema is the Schema for the kafkaschemas API + displayName: Kafka Schema + kind: KafkaSchema + name: kafkaschemas.aiven.io + version: v1alpha1 + - description: KafkaTopic is the Schema for the kafkatopics API + displayName: Kafka Topic + kind: KafkaTopic + name: kafkatopics.aiven.io + version: v1alpha1 + - description: PostgreSQL is the Schema for the postgresql API + displayName: Postgre SQL + kind: PostgreSQL + name: postgresqls.aiven.io + version: v1alpha1 + - description: Project is the Schema for the projects API + displayName: Project + kind: Project + name: projects.aiven.io + version: v1alpha1 + - description: ProjectVPC is the Schema for the projectvpcs API + displayName: Project VPC + kind: ProjectVPC + name: projectvpcs.aiven.io + version: v1alpha1 + - description: ServiceIntegration is the Schema for the serviceintegrations + API + displayName: Service Integration + kind: ServiceIntegration + name: serviceintegrations.aiven.io + version: v1alpha1 + - description: ServiceUser is the Schema for the serviceusers API + displayName: Service User + kind: ServiceUser + name: serviceusers.aiven.io + version: v1alpha1 description: A Kubernetes operator for provisioning and managing Aiven Databases and other resources displayName: Aiven Operator icon: - - base64data: "" - mediatype: "" + - base64data: '' + mediatype: '' install: spec: - deployments: null - strategy: "" + deployments: + strategy: '' installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces - keywords: - - aiven + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: [aiven] links: - - name: Aiven Operator for Kubernetes - url: https://aiven.github.io/aiven-operator/ + - name: Aiven Operator for Kubernetes + url: https://aiven.github.io/aiven-operator/ maintainers: - - email: ivan.savciuc@gmail.com - name: Ivan Savciuc - - email: murad.biashimov@aiven.io - name: Murad Biashimov + - email: ivan.savciuc@gmail.com + name: Ivan Savciuc + - email: murad.biashimov@aiven.io + name: Murad Biashimov maturity: alpha provider: name: aiven diff --git a/config/operatorhub/manifests/kustomization.yaml b/config/operatorhub/manifests/kustomization.yaml index 090b86d1..e7e454dd 100644 --- a/config/operatorhub/manifests/kustomization.yaml +++ b/config/operatorhub/manifests/kustomization.yaml @@ -1,5 +1,6 @@ +--- resources: -- ../../default -- ../samples -- ../scorecard -- bases/aiven-operator.clusterserviceversion.yaml + - ../../default + - ../samples + - ../scorecard + - bases/aiven-operator.clusterserviceversion.yaml diff --git a/config/operatorhub/samples/kustomization.yaml b/config/operatorhub/samples/kustomization.yaml index 63344ca6..a2c68d3c 100644 --- a/config/operatorhub/samples/kustomization.yaml +++ b/config/operatorhub/samples/kustomization.yaml @@ -1,3 +1,4 @@ -## Append samples you want in your CSV to this file as resources ## +--- +## Append samples you want in your CSV to this file as resources ## resources: #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/operatorhub/scorecard/bases/config.yaml b/config/operatorhub/scorecard/bases/config.yaml index c7704784..5e58e36c 100644 --- a/config/operatorhub/scorecard/bases/config.yaml +++ b/config/operatorhub/scorecard/bases/config.yaml @@ -1,7 +1,10 @@ +--- apiVersion: scorecard.operatorframework.io/v1alpha3 kind: Configuration + metadata: name: config + stages: -- parallel: true - tests: [] + - parallel: true + tests: [] diff --git a/config/operatorhub/scorecard/kustomization.yaml b/config/operatorhub/scorecard/kustomization.yaml index 0b907f9d..be6f7106 100644 --- a/config/operatorhub/scorecard/kustomization.yaml +++ b/config/operatorhub/scorecard/kustomization.yaml @@ -1,5 +1,6 @@ -resources: - - bases/config.yaml +--- +resources: [bases/config.yaml] + patchesJson6902: - path: patches/basic.config.yaml target: @@ -13,4 +14,5 @@ patchesJson6902: version: v1alpha3 kind: Configuration name: config + # +kubebuilder:scaffold:patchesJson6902 diff --git a/config/operatorhub/scorecard/patches/basic.config.yaml b/config/operatorhub/scorecard/patches/basic.config.yaml index d164f2fb..40237a25 100644 --- a/config/operatorhub/scorecard/patches/basic.config.yaml +++ b/config/operatorhub/scorecard/patches/basic.config.yaml @@ -1,10 +1,9 @@ +--- - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - basic-check-spec + entrypoint: [scorecard-test, basic-check-spec] image: quay.io/operator-framework/scorecard-test:v1.8.0 labels: suite: basic - test: basic-check-spec-test \ No newline at end of file + test: basic-check-spec-test diff --git a/config/operatorhub/scorecard/patches/olm.config.yaml b/config/operatorhub/scorecard/patches/olm.config.yaml index 90785f75..9ebaf7c2 100644 --- a/config/operatorhub/scorecard/patches/olm.config.yaml +++ b/config/operatorhub/scorecard/patches/olm.config.yaml @@ -1,9 +1,8 @@ +--- - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-bundle-validation + entrypoint: [scorecard-test, olm-bundle-validation] image: quay.io/operator-framework/scorecard-test:v1.8.0 labels: suite: olm @@ -11,9 +10,7 @@ - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-crds-have-validation + entrypoint: [scorecard-test, olm-crds-have-validation] image: quay.io/operator-framework/scorecard-test:v1.8.0 labels: suite: olm @@ -21,9 +18,7 @@ - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-spec-descriptors + entrypoint: [scorecard-test, olm-spec-descriptors] image: quay.io/operator-framework/scorecard-test:v1.8.0 labels: suite: olm @@ -31,10 +26,8 @@ - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-status-descriptors + entrypoint: [scorecard-test, olm-status-descriptors] image: quay.io/operator-framework/scorecard-test:v1.8.0 labels: suite: olm - test: olm-status-descriptors-test \ No newline at end of file + test: olm-status-descriptors-test diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..0d4d1249 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,2 @@ -resources: -- monitor.yaml +--- +resources: [monitor.yaml] diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..263f85e5 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,12 +1,14 @@ - +--- # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor + metadata: labels: control-plane: controller-manager name: controller-manager-metrics-monitor namespace: system + spec: endpoints: - path: /metrics diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 51a75db4..6da188dc 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -1,9 +1,10 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: metrics-reader + rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get + - nonResourceURLs: [/metrics] + verbs: [get] diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 80e1857c..df8aaea0 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -1,17 +1,14 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: proxy-role + rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: [authentication.k8s.io] + resources: [tokenreviews] + verbs: [create] + - apiGroups: [authorization.k8s.io] + resources: [subjectaccessreviews] + verbs: [create] diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index ec7acc0a..a53f7316 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -1,12 +1,16 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding + metadata: name: proxy-rolebinding + roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: proxy-role + subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 71f17972..79c91840 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -1,15 +1,18 @@ +--- apiVersion: v1 kind: Service + metadata: labels: control-plane: controller-manager name: controller-manager-metrics-service namespace: system + spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager diff --git a/config/rbac/cassandra_editor_role.yaml b/config/rbac/cassandra_editor_role.yaml index d80b1e48..871bfc22 100644 --- a/config/rbac/cassandra_editor_role.yaml +++ b/config/rbac/cassandra_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit cassandras. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: cassandra-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - cassandras - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - cassandras/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [cassandras] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [cassandras/status] + verbs: [get] diff --git a/config/rbac/cassandra_viewer_role.yaml b/config/rbac/cassandra_viewer_role.yaml index d145d4e3..02699ff6 100644 --- a/config/rbac/cassandra_viewer_role.yaml +++ b/config/rbac/cassandra_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view cassandras. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: cassandra-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - cassandras - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - cassandras/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [cassandras] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [cassandras/status] + verbs: [get] diff --git a/config/rbac/clickhouse_editor_role.yaml b/config/rbac/clickhouse_editor_role.yaml index 54e56ad7..4b63ff3d 100644 --- a/config/rbac/clickhouse_editor_role.yaml +++ b/config/rbac/clickhouse_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit clickhouses. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: clickhouse-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - clickhouses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - clickhouses/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [clickhouses] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [clickhouses/status] + verbs: [get] diff --git a/config/rbac/clickhouse_viewer_role.yaml b/config/rbac/clickhouse_viewer_role.yaml index 7c2acaee..ae50a9e5 100644 --- a/config/rbac/clickhouse_viewer_role.yaml +++ b/config/rbac/clickhouse_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view clickhouses. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: clickhouse-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - clickhouses - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - clickhouses/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [clickhouses] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [clickhouses/status] + verbs: [get] diff --git a/config/rbac/clickhouseuser_editor_role.yaml b/config/rbac/clickhouseuser_editor_role.yaml index 123c694c..cd86cca3 100644 --- a/config/rbac/clickhouseuser_editor_role.yaml +++ b/config/rbac/clickhouseuser_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit clickhouseusers. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: clickhouseuser-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - clickhouseusers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - clickhouseusers/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [clickhouseusers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [clickhouseusers/status] + verbs: [get] diff --git a/config/rbac/clickhouseuser_viewer_role.yaml b/config/rbac/clickhouseuser_viewer_role.yaml index 73a95696..7d20e6c2 100644 --- a/config/rbac/clickhouseuser_viewer_role.yaml +++ b/config/rbac/clickhouseuser_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view clickhouseusers. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: clickhouseuser-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - clickhouseusers - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - clickhouseusers/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [clickhouseusers] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [clickhouseusers/status] + verbs: [get] diff --git a/config/rbac/connectionpool_editor_role.yaml b/config/rbac/connectionpool_editor_role.yaml index c6387bae..885d1bbc 100644 --- a/config/rbac/connectionpool_editor_role.yaml +++ b/config/rbac/connectionpool_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit connectionpools. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: connectionpool-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - connectionpools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - connectionpools/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [connectionpools] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [connectionpools/status] + verbs: [get] diff --git a/config/rbac/connectionpool_viewer_role.yaml b/config/rbac/connectionpool_viewer_role.yaml index 95fa604c..65b84b67 100644 --- a/config/rbac/connectionpool_viewer_role.yaml +++ b/config/rbac/connectionpool_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view connectionpools. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: connectionpool-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - connectionpools - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - connectionpools/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [connectionpools] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [connectionpools/status] + verbs: [get] diff --git a/config/rbac/database_editor_role.yaml b/config/rbac/database_editor_role.yaml index 951f128a..bc3a36b6 100644 --- a/config/rbac/database_editor_role.yaml +++ b/config/rbac/database_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit databases. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: database-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - databases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - databases/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [databases] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [databases/status] + verbs: [get] diff --git a/config/rbac/database_viewer_role.yaml b/config/rbac/database_viewer_role.yaml index 92dd5d2b..aaed4054 100644 --- a/config/rbac/database_viewer_role.yaml +++ b/config/rbac/database_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view databases. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: database-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - databases - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - databases/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [databases] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [databases/status] + verbs: [get] diff --git a/config/rbac/grafana_editor_role.yaml b/config/rbac/grafana_editor_role.yaml index fabdae86..6d765ae0 100644 --- a/config/rbac/grafana_editor_role.yaml +++ b/config/rbac/grafana_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit grafanas. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: grafana-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - grafanas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - grafanas/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [grafanas] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [grafanas/status] + verbs: [get] diff --git a/config/rbac/grafana_viewer_role.yaml b/config/rbac/grafana_viewer_role.yaml index 189a8910..d7373ae6 100644 --- a/config/rbac/grafana_viewer_role.yaml +++ b/config/rbac/grafana_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view grafanas. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: grafana-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - grafanas - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - grafanas/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [grafanas] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [grafanas/status] + verbs: [get] diff --git a/config/rbac/kafka_editor_role.yaml b/config/rbac/kafka_editor_role.yaml index 1e9049c3..85583c7a 100644 --- a/config/rbac/kafka_editor_role.yaml +++ b/config/rbac/kafka_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit kafkas. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafka-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkas/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkas] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkas/status] + verbs: [get] diff --git a/config/rbac/kafka_viewer_role.yaml b/config/rbac/kafka_viewer_role.yaml index ce9aa94f..039fa44f 100644 --- a/config/rbac/kafka_viewer_role.yaml +++ b/config/rbac/kafka_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view kafkas. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafka-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkas - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - kafkas/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkas] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [kafkas/status] + verbs: [get] diff --git a/config/rbac/kafkaacl_editor_role.yaml b/config/rbac/kafkaacl_editor_role.yaml index bc444246..466b27ff 100644 --- a/config/rbac/kafkaacl_editor_role.yaml +++ b/config/rbac/kafkaacl_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit kafkaacls. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaacl-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaacls - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaacls/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaacls] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaacls/status] + verbs: [get] diff --git a/config/rbac/kafkaacl_viewer_role.yaml b/config/rbac/kafkaacl_viewer_role.yaml index a4360d66..be80a8ba 100644 --- a/config/rbac/kafkaacl_viewer_role.yaml +++ b/config/rbac/kafkaacl_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view kafkaacls. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaacl-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaacls - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - kafkaacls/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaacls] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [kafkaacls/status] + verbs: [get] diff --git a/config/rbac/kafkaconnect_editor_role.yaml b/config/rbac/kafkaconnect_editor_role.yaml index 87a5deb7..459752c0 100644 --- a/config/rbac/kafkaconnect_editor_role.yaml +++ b/config/rbac/kafkaconnect_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit kafkaconnects. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaconnect-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaconnects - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnects/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaconnects] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnects/status] + verbs: [get] diff --git a/config/rbac/kafkaconnect_viewer_role.yaml b/config/rbac/kafkaconnect_viewer_role.yaml index daf1dacb..39556bab 100644 --- a/config/rbac/kafkaconnect_viewer_role.yaml +++ b/config/rbac/kafkaconnect_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view kafkaconnects. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaconnect-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaconnects - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnects/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaconnects] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnects/status] + verbs: [get] diff --git a/config/rbac/kafkaconnector_editor_role.yaml b/config/rbac/kafkaconnector_editor_role.yaml index 3d15eed7..66689681 100644 --- a/config/rbac/kafkaconnector_editor_role.yaml +++ b/config/rbac/kafkaconnector_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit kafkaconnectors. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaconnector-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaconnectors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnectors/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaconnectors] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnectors/status] + verbs: [get] diff --git a/config/rbac/kafkaconnector_viewer_role.yaml b/config/rbac/kafkaconnector_viewer_role.yaml index 71624cb8..10a67e3c 100644 --- a/config/rbac/kafkaconnector_viewer_role.yaml +++ b/config/rbac/kafkaconnector_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view kafkaconnectors. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaconnector-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaconnectors - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnectors/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaconnectors] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnectors/status] + verbs: [get] diff --git a/config/rbac/kafkaschema_editor_role.yaml b/config/rbac/kafkaschema_editor_role.yaml index 8d98ef2e..96f7f2c6 100644 --- a/config/rbac/kafkaschema_editor_role.yaml +++ b/config/rbac/kafkaschema_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit kafkaschemas. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaschema-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaschemas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaschemas/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaschemas] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaschemas/status] + verbs: [get] diff --git a/config/rbac/kafkaschema_viewer_role.yaml b/config/rbac/kafkaschema_viewer_role.yaml index 1caecf30..a0e931d7 100644 --- a/config/rbac/kafkaschema_viewer_role.yaml +++ b/config/rbac/kafkaschema_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view kafkaschemas. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkaschema-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkaschemas - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - kafkaschemas/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkaschemas] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [kafkaschemas/status] + verbs: [get] diff --git a/config/rbac/kafkatopic_editor_role.yaml b/config/rbac/kafkatopic_editor_role.yaml index 08fb524e..140f55cf 100644 --- a/config/rbac/kafkatopic_editor_role.yaml +++ b/config/rbac/kafkatopic_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit kafkatopics. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkatopic-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkatopics - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkatopics/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkatopics] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkatopics/status] + verbs: [get] diff --git a/config/rbac/kafkatopic_viewer_role.yaml b/config/rbac/kafkatopic_viewer_role.yaml index 99f64f95..895fd61c 100644 --- a/config/rbac/kafkatopic_viewer_role.yaml +++ b/config/rbac/kafkatopic_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view kafkatopics. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: kafkatopic-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - kafkatopics - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - kafkatopics/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [kafkatopics] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [kafkatopics/status] + verbs: [get] diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6..27be249e 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,18 +1,19 @@ +--- resources: # All RBAC will be applied under this service account in # the deployment namespace. You may comment out this resource # if your manager will use a service account that exists at # runtime. Be sure to update RoleBinding and ClusterRoleBinding # subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml + - service_account.yaml + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4190ec80..1ee444a7 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -1,37 +1,18 @@ +--- # permissions to do leader election. apiVersion: rbac.authorization.k8s.io/v1 kind: Role + metadata: name: leader-election-role + rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: [''] + resources: [configmaps] + verbs: [get, list, watch, create, update, patch, delete] + - apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [get, list, watch, create, update, patch, delete] + - apiGroups: [''] + resources: [events] + verbs: [create, patch] diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1d1321ed..a22c5a50 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -1,12 +1,16 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding + metadata: name: leader-election-rolebinding + roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: leader-election-role + subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/mysql_editor_role.yaml b/config/rbac/mysql_editor_role.yaml index 8e86c9df..a6abd8ca 100644 --- a/config/rbac/mysql_editor_role.yaml +++ b/config/rbac/mysql_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit mysqls. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: mysql-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - mysqls - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - mysqls/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [mysqls] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [mysqls/status] + verbs: [get] diff --git a/config/rbac/mysql_viewer_role.yaml b/config/rbac/mysql_viewer_role.yaml index 7074ec40..3b03d778 100644 --- a/config/rbac/mysql_viewer_role.yaml +++ b/config/rbac/mysql_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view mysqls. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: mysql-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - mysqls - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - mysqls/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [mysqls] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [mysqls/status] + verbs: [get] diff --git a/config/rbac/opensearch_editor_role.yaml b/config/rbac/opensearch_editor_role.yaml index a8f53601..d68964fb 100644 --- a/config/rbac/opensearch_editor_role.yaml +++ b/config/rbac/opensearch_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit opensearches. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: opensearch-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - opensearches - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - opensearches/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [opensearches] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [opensearches/status] + verbs: [get] diff --git a/config/rbac/opensearch_viewer_role.yaml b/config/rbac/opensearch_viewer_role.yaml index 8125d5b7..52151bf8 100644 --- a/config/rbac/opensearch_viewer_role.yaml +++ b/config/rbac/opensearch_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view opensearches. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: opensearch-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - opensearches - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - opensearches/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [opensearches] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [opensearches/status] + verbs: [get] diff --git a/config/rbac/postgresql_editor_role.yaml b/config/rbac/postgresql_editor_role.yaml index e99de1db..b877b86f 100644 --- a/config/rbac/postgresql_editor_role.yaml +++ b/config/rbac/postgresql_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit postgresqls. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: postgresql-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - postgresqls - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - postgresqls/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [postgresqls] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [postgresqls/status] + verbs: [get] diff --git a/config/rbac/postgresql_viewer_role.yaml b/config/rbac/postgresql_viewer_role.yaml index 584b8207..41c0efaf 100644 --- a/config/rbac/postgresql_viewer_role.yaml +++ b/config/rbac/postgresql_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view postgresqls. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: postgresql-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - postgresqls - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - postgresqls/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [postgresqls] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [postgresqls/status] + verbs: [get] diff --git a/config/rbac/project_editor_role.yaml b/config/rbac/project_editor_role.yaml index cd9f2229..3c871a2e 100644 --- a/config/rbac/project_editor_role.yaml +++ b/config/rbac/project_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit projects. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: project-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - projects - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - projects/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [projects] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [projects/status] + verbs: [get] diff --git a/config/rbac/project_viewer_role.yaml b/config/rbac/project_viewer_role.yaml index bdfca203..5536530f 100644 --- a/config/rbac/project_viewer_role.yaml +++ b/config/rbac/project_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view projects. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: project-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - projects - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - projects/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [projects] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [projects/status] + verbs: [get] diff --git a/config/rbac/projectvpc_editor_role.yaml b/config/rbac/projectvpc_editor_role.yaml index de3143c6..c3da6d40 100644 --- a/config/rbac/projectvpc_editor_role.yaml +++ b/config/rbac/projectvpc_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit projectvpcs. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: projectvpc-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - projectvpcs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - projectvpcs/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [projectvpcs] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [projectvpcs/status] + verbs: [get] diff --git a/config/rbac/projectvpc_viewer_role.yaml b/config/rbac/projectvpc_viewer_role.yaml index 9e1ae714..fbc3adc1 100644 --- a/config/rbac/projectvpc_viewer_role.yaml +++ b/config/rbac/projectvpc_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view projectvpcs. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: projectvpc-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - projectvpcs - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - projectvpcs/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [projectvpcs] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [projectvpcs/status] + verbs: [get] diff --git a/config/rbac/redis_editor_role.yaml b/config/rbac/redis_editor_role.yaml index bdac9c42..da71de91 100644 --- a/config/rbac/redis_editor_role.yaml +++ b/config/rbac/redis_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit redis. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: redis-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - redis - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - redis/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [redis] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [redis/status] + verbs: [get] diff --git a/config/rbac/redis_viewer_role.yaml b/config/rbac/redis_viewer_role.yaml index 2bc04c1b..8a562a13 100644 --- a/config/rbac/redis_viewer_role.yaml +++ b/config/rbac/redis_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view redis. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: redis-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - redis - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - redis/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [redis] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [redis/status] + verbs: [get] diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 46e7f1d6..838beb9c 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,603 +1,180 @@ --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: - creationTimestamp: null + creationTimestamp: name: manager-role + rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - cassandras - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - cassandras/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - cassandras/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - clickhouses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - clickhouses/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - clickhouses/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - clickhouseusers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - clickhouseusers/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - clickhouseusers/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - connectionpools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - connectionpools/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - connectionpools/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - databases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - databases/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - grafanas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - grafanas/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - grafanas/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - kafkaacls - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaacls/status - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnectors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnectors/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnectors/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - kafkaconnects - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnects/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaconnects/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - kafkas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkas/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkas/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - kafkaschemas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkaschemas/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - kafkatopics - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - kafkatopics/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - mysqls - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - mysqls/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - mysqls/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - opensearches - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - opensearches/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - opensearches/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - postgresqls - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - postgresqls/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - postgresqls/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - projects - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - projects/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - projects/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - projectvpcs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - projectvpcs/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - redis - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - redis/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - redis/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - serviceintegrations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - serviceintegrations/status - verbs: - - get - - patch - - update -- apiGroups: - - aiven.io - resources: - - serviceusers - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - aiven.io - resources: - - serviceusers/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - serviceusers/status - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - list - - update + - apiGroups: [''] + resources: [events] + verbs: [create, patch] + - apiGroups: [''] + resources: [secrets] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [cassandras] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [cassandras/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [cassandras/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [clickhouses] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [clickhouses/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [clickhouses/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [clickhouseusers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [clickhouseusers/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [clickhouseusers/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [connectionpools] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [connectionpools/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [connectionpools/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [databases] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [databases/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [grafanas] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [grafanas/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [grafanas/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [kafkaacls] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaacls/status] + verbs: [create, delete, get, list, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnectors] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnectors/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnectors/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [kafkaconnects] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnects/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaconnects/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [kafkas] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkas/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkas/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [kafkaschemas] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkaschemas/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [kafkatopics] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [kafkatopics/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [mysqls] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [mysqls/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [mysqls/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [opensearches] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [opensearches/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [opensearches/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [postgresqls] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [postgresqls/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [postgresqls/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [projects] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [projects/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [projects/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [projectvpcs] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [projectvpcs/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [redis] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [redis/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [redis/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [serviceintegrations] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [serviceintegrations/status] + verbs: [get, patch, update] + - apiGroups: [aiven.io] + resources: [serviceusers] + verbs: [create, delete, get, list, update, watch] + - apiGroups: [aiven.io] + resources: [serviceusers/finalizers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [serviceusers/status] + verbs: [get, update] + - apiGroups: [coordination.k8s.io] + resources: [leases] + verbs: [create, get, list, update] diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 2070ede4..91fca303 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,12 +1,16 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding + metadata: name: manager-rolebinding + roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: manager-role + subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025b..e7476002 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -1,5 +1,7 @@ +--- apiVersion: v1 kind: ServiceAccount + metadata: name: controller-manager namespace: system diff --git a/config/rbac/serviceintegration_editor_role.yaml b/config/rbac/serviceintegration_editor_role.yaml index 9f954baa..9efcbc89 100644 --- a/config/rbac/serviceintegration_editor_role.yaml +++ b/config/rbac/serviceintegration_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit serviceintegrations. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: serviceintegration-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - serviceintegrations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - serviceintegrations/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [serviceintegrations] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [serviceintegrations/status] + verbs: [get] diff --git a/config/rbac/serviceintegration_viewer_role.yaml b/config/rbac/serviceintegration_viewer_role.yaml index 42d8dc82..0f2f2cf7 100644 --- a/config/rbac/serviceintegration_viewer_role.yaml +++ b/config/rbac/serviceintegration_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view serviceintegrations. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: serviceintegration-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - serviceintegrations - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - serviceintegrations/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [serviceintegrations] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [serviceintegrations/status] + verbs: [get] diff --git a/config/rbac/serviceuser_editor_role.yaml b/config/rbac/serviceuser_editor_role.yaml index 752a2f5e..cc81cb31 100644 --- a/config/rbac/serviceuser_editor_role.yaml +++ b/config/rbac/serviceuser_editor_role.yaml @@ -1,24 +1,15 @@ +--- # permissions for end users to edit serviceusers. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: serviceuser-editor-role + rules: -- apiGroups: - - aiven.io - resources: - - serviceusers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - aiven.io - resources: - - serviceusers/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [serviceusers] + verbs: [create, delete, get, list, patch, update, watch] + - apiGroups: [aiven.io] + resources: [serviceusers/status] + verbs: [get] diff --git a/config/rbac/serviceuser_viewer_role.yaml b/config/rbac/serviceuser_viewer_role.yaml index c089fd13..a62b9e34 100644 --- a/config/rbac/serviceuser_viewer_role.yaml +++ b/config/rbac/serviceuser_viewer_role.yaml @@ -1,20 +1,15 @@ +--- # permissions for end users to view serviceusers. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole + metadata: name: serviceuser-viewer-role + rules: -- apiGroups: - - aiven.io - resources: - - serviceusers - verbs: - - get - - list - - watch -- apiGroups: - - aiven.io - resources: - - serviceusers/status - verbs: - - get + - apiGroups: [aiven.io] + resources: [serviceusers] + verbs: [get, list, watch] + - apiGroups: [aiven.io] + resources: [serviceusers/status] + verbs: [get] diff --git a/config/samples/_v1alpha1_cassandra.yaml b/config/samples/_v1alpha1_cassandra.yaml index af2d71c3..e9cdccd2 100644 --- a/config/samples/_v1alpha1_cassandra.yaml +++ b/config/samples/_v1alpha1_cassandra.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Cassandra + metadata: name: cassandra-sample + spec: authSecretRef: name: aiven-token diff --git a/config/samples/_v1alpha1_clickhouse.yaml b/config/samples/_v1alpha1_clickhouse.yaml index 9fc02e75..9a799fbe 100644 --- a/config/samples/_v1alpha1_clickhouse.yaml +++ b/config/samples/_v1alpha1_clickhouse.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Clickhouse + metadata: name: clickhouse-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_clickhouseuser.yaml b/config/samples/_v1alpha1_clickhouseuser.yaml index affdec60..ef4edb82 100644 --- a/config/samples/_v1alpha1_clickhouseuser.yaml +++ b/config/samples/_v1alpha1_clickhouseuser.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ClickhouseUser + metadata: name: clickhouseuser-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_connectionpool.yaml b/config/samples/_v1alpha1_connectionpool.yaml index 82317fda..374934da 100644 --- a/config/samples/_v1alpha1_connectionpool.yaml +++ b/config/samples/_v1alpha1_connectionpool.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ConnectionPool + metadata: name: connectionpool-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_database.yaml b/config/samples/_v1alpha1_database.yaml index 1dab69f4..5656c871 100644 --- a/config/samples/_v1alpha1_database.yaml +++ b/config/samples/_v1alpha1_database.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Database + metadata: name: database-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_grafana.yaml b/config/samples/_v1alpha1_grafana.yaml index e938d19d..b3324df3 100644 --- a/config/samples/_v1alpha1_grafana.yaml +++ b/config/samples/_v1alpha1_grafana.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Grafana + metadata: name: grafana-simple + spec: authSecretRef: name: aiven-token diff --git a/config/samples/_v1alpha1_kafka.yaml b/config/samples/_v1alpha1_kafka.yaml index 70f154ce..733ee018 100644 --- a/config/samples/_v1alpha1_kafka.yaml +++ b/config/samples/_v1alpha1_kafka.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: kafka-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_kafkaacl.yaml b/config/samples/_v1alpha1_kafkaacl.yaml index 13dc324e..6a50111c 100644 --- a/config/samples/_v1alpha1_kafkaacl.yaml +++ b/config/samples/_v1alpha1_kafkaacl.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaACL + metadata: name: kafkaacl-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_kafkaconnect.yaml b/config/samples/_v1alpha1_kafkaconnect.yaml index 03f4b6cd..a62bcf7f 100644 --- a/config/samples/_v1alpha1_kafkaconnect.yaml +++ b/config/samples/_v1alpha1_kafkaconnect.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaConnect + metadata: name: kafkaconnect-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_kafkaconnector.yaml b/config/samples/_v1alpha1_kafkaconnector.yaml index 47a4cbe2..0a57a28b 100644 --- a/config/samples/_v1alpha1_kafkaconnector.yaml +++ b/config/samples/_v1alpha1_kafkaconnector.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaConnector + metadata: name: kafkaconnector-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_kafkaschema.yaml b/config/samples/_v1alpha1_kafkaschema.yaml index f793d378..49504118 100644 --- a/config/samples/_v1alpha1_kafkaschema.yaml +++ b/config/samples/_v1alpha1_kafkaschema.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaSchema + metadata: name: kafkaschema-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_kafkatopic.yaml b/config/samples/_v1alpha1_kafkatopic.yaml index c607a215..04e3f6de 100644 --- a/config/samples/_v1alpha1_kafkatopic.yaml +++ b/config/samples/_v1alpha1_kafkatopic.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaTopic + metadata: name: kafkatopic-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_mysql.yaml b/config/samples/_v1alpha1_mysql.yaml index e1a8e560..6c0a7b68 100644 --- a/config/samples/_v1alpha1_mysql.yaml +++ b/config/samples/_v1alpha1_mysql.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: MySQL + metadata: name: mysql-sample + spec: authSecretRef: name: aiven-token diff --git a/config/samples/_v1alpha1_opensearch.yaml b/config/samples/_v1alpha1_opensearch.yaml index b24b2110..d7d35640 100644 --- a/config/samples/_v1alpha1_opensearch.yaml +++ b/config/samples/_v1alpha1_opensearch.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: OpenSearch + metadata: name: opensearch-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_postgresql.yaml b/config/samples/_v1alpha1_postgresql.yaml index 959cc476..8780c34f 100644 --- a/config/samples/_v1alpha1_postgresql.yaml +++ b/config/samples/_v1alpha1_postgresql.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: PostgreSQL + metadata: name: postgresql-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_project.yaml b/config/samples/_v1alpha1_project.yaml index 035a1861..8536df59 100644 --- a/config/samples/_v1alpha1_project.yaml +++ b/config/samples/_v1alpha1_project.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Project + metadata: name: project-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_projectvpc.yaml b/config/samples/_v1alpha1_projectvpc.yaml index b2b881bd..8a9c18cc 100644 --- a/config/samples/_v1alpha1_projectvpc.yaml +++ b/config/samples/_v1alpha1_projectvpc.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ProjectVPC + metadata: name: projectvpc-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_redis.yaml b/config/samples/_v1alpha1_redis.yaml index 4f910a1f..718b17f7 100644 --- a/config/samples/_v1alpha1_redis.yaml +++ b/config/samples/_v1alpha1_redis.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Redis + metadata: name: redis-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_serviceintegration.yaml b/config/samples/_v1alpha1_serviceintegration.yaml index 7d868da9..5db0f33a 100644 --- a/config/samples/_v1alpha1_serviceintegration.yaml +++ b/config/samples/_v1alpha1_serviceintegration.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ServiceIntegration + metadata: name: serviceintegration-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/_v1alpha1_serviceuser.yaml b/config/samples/_v1alpha1_serviceuser.yaml index 7dce2a4a..8f32ebb6 100644 --- a/config/samples/_v1alpha1_serviceuser.yaml +++ b/config/samples/_v1alpha1_serviceuser.yaml @@ -1,6 +1,9 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ServiceUser + metadata: name: serviceuser-sample + spec: # TODO(user): Add fields here diff --git a/config/samples/aiven.io_v1alpha1_clickhouse.yaml b/config/samples/aiven.io_v1alpha1_clickhouse.yaml index b1b7a57f..cab42d13 100644 --- a/config/samples/aiven.io_v1alpha1_clickhouse.yaml +++ b/config/samples/aiven.io_v1alpha1_clickhouse.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Clickhouse + metadata: name: ch-sample + spec: authSecretRef: name: aiven-token diff --git a/config/samples/aiven.io_v1alpha1_clickhouseuser.yaml b/config/samples/aiven.io_v1alpha1_clickhouseuser.yaml index 27e9068c..91e46413 100644 --- a/config/samples/aiven.io_v1alpha1_clickhouseuser.yaml +++ b/config/samples/aiven.io_v1alpha1_clickhouseuser.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ClickhouseUser + metadata: name: ch-user-sample + spec: authSecretRef: name: aiven-token diff --git a/config/samples/aiven.io_v1alpha1_kafka.yaml b/config/samples/aiven.io_v1alpha1_kafka.yaml index ca33eba3..2c416365 100644 --- a/config/samples/aiven.io_v1alpha1_kafka.yaml +++ b/config/samples/aiven.io_v1alpha1_kafka.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: kafka-sample + spec: authSecretRef: name: aiven-token diff --git a/config/samples/aiven.io_v1alpha1_opensearch.yaml b/config/samples/aiven.io_v1alpha1_opensearch.yaml index f2b93601..f3cb64e0 100644 --- a/config/samples/aiven.io_v1alpha1_opensearch.yaml +++ b/config/samples/aiven.io_v1alpha1_opensearch.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: OpenSearch + metadata: name: os-sample + spec: authSecretRef: name: aiven-token diff --git a/config/samples/aiven.io_v1alpha1_redis.yaml b/config/samples/aiven.io_v1alpha1_redis.yaml index 75d7ddd9..f0b9257d 100644 --- a/config/samples/aiven.io_v1alpha1_redis.yaml +++ b/config/samples/aiven.io_v1alpha1_redis.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Redis + metadata: name: redis-sample + spec: authSecretRef: name: aiven-token @@ -19,4 +22,4 @@ spec: maintenanceWindowTime: 23:00:00 userConfig: - redis_maxmemory_policy: "allkeys-random" + redis_maxmemory_policy: allkeys-random diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 60d8c379..fd0123eb 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,23 +1,25 @@ -## Append samples you want in your CSV to this file as resources ## +--- +## Append samples you want in your CSV to this file as resources ## resources: -- _v1alpha1_clickhouse.yaml -- _v1alpha1_clickhouseuser.yaml -- _v1alpha1_connectionpool.yaml -- _v1alpha1_database.yaml -- _v1alpha1_kafka.yaml -- _v1alpha1_kafkaacl.yaml -- _v1alpha1_kafkaconnect.yaml -- _v1alpha1_kafkaconnector.yaml -- _v1alpha1_kafkaschema.yaml -- _v1alpha1_kafkatopic.yaml -- _v1alpha1_opensearch.yaml -- _v1alpha1_postgresql.yaml -- _v1alpha1_project.yaml -- _v1alpha1_projectvpc.yaml -- _v1alpha1_redis.yaml -- _v1alpha1_serviceintegration.yaml -- _v1alpha1_serviceuser.yaml -- _v1alpha1_mysql.yaml -- _v1alpha1_cassandra.yaml -- _v1alpha1_grafana.yaml + - _v1alpha1_clickhouse.yaml + - _v1alpha1_clickhouseuser.yaml + - _v1alpha1_connectionpool.yaml + - _v1alpha1_database.yaml + - _v1alpha1_kafka.yaml + - _v1alpha1_kafkaacl.yaml + - _v1alpha1_kafkaconnect.yaml + - _v1alpha1_kafkaconnector.yaml + - _v1alpha1_kafkaschema.yaml + - _v1alpha1_kafkatopic.yaml + - _v1alpha1_opensearch.yaml + - _v1alpha1_postgresql.yaml + - _v1alpha1_project.yaml + - _v1alpha1_projectvpc.yaml + - _v1alpha1_redis.yaml + - _v1alpha1_serviceintegration.yaml + - _v1alpha1_serviceuser.yaml + - _v1alpha1_mysql.yaml + - _v1alpha1_cassandra.yaml + - _v1alpha1_grafana.yaml + #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml index c7704784..5e58e36c 100644 --- a/config/scorecard/bases/config.yaml +++ b/config/scorecard/bases/config.yaml @@ -1,7 +1,10 @@ +--- apiVersion: scorecard.operatorframework.io/v1alpha3 kind: Configuration + metadata: name: config + stages: -- parallel: true - tests: [] + - parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index 50cd2d08..d2dc3a0a 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -1,16 +1,18 @@ -resources: -- bases/config.yaml +--- +resources: [bases/config.yaml] + patchesJson6902: -- path: patches/basic.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -- path: patches/olm.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config + - path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config + - path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config + #+kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index bb8153f6..1deb726f 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -1,9 +1,8 @@ +--- - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - basic-check-spec + entrypoint: [scorecard-test, basic-check-spec] image: quay.io/operator-framework/scorecard-test:v1.24.0 labels: suite: basic diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index 4e2f4b83..934bd5b8 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -1,9 +1,8 @@ +--- - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-bundle-validation + entrypoint: [scorecard-test, olm-bundle-validation] image: quay.io/operator-framework/scorecard-test:v1.24.0 labels: suite: olm @@ -11,9 +10,7 @@ - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-crds-have-validation + entrypoint: [scorecard-test, olm-crds-have-validation] image: quay.io/operator-framework/scorecard-test:v1.24.0 labels: suite: olm @@ -21,9 +18,7 @@ - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-crds-have-resources + entrypoint: [scorecard-test, olm-crds-have-resources] image: quay.io/operator-framework/scorecard-test:v1.24.0 labels: suite: olm @@ -31,9 +26,7 @@ - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-spec-descriptors + entrypoint: [scorecard-test, olm-spec-descriptors] image: quay.io/operator-framework/scorecard-test:v1.24.0 labels: suite: olm @@ -41,9 +34,7 @@ - op: add path: /stages/0/tests/- value: - entrypoint: - - scorecard-test - - olm-status-descriptors + entrypoint: [scorecard-test, olm-status-descriptors] image: quay.io/operator-framework/scorecard-test:v1.24.0 labels: suite: olm diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 9cf26134..400bedac 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -1,6 +1,4 @@ -resources: -- manifests.yaml -- service.yaml +--- +resources: [manifests.yaml, service.yaml] -configurations: -- kustomizeconfig.yaml +configurations: [kustomizeconfig.yaml] diff --git a/config/webhook/kustomizeconfig.yaml b/config/webhook/kustomizeconfig.yaml index 25e21e3c..b414c2fe 100644 --- a/config/webhook/kustomizeconfig.yaml +++ b/config/webhook/kustomizeconfig.yaml @@ -1,25 +1,26 @@ +--- # the following config is for teaching kustomize where to look at when substituting vars. # It requires kustomize v2.1.0 or newer to work properly. nameReference: -- kind: Service - version: v1 - fieldSpecs: + - kind: Service + version: v1 + fieldSpecs: + - kind: MutatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name + +namespace: - kind: MutatingWebhookConfiguration group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name + path: webhooks/clientConfig/service/namespace + create: true - kind: ValidatingWebhookConfiguration group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - -namespace: -- kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true -- kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true + path: webhooks/clientConfig/service/namespace + create: true varReference: -- path: metadata/annotations + - path: metadata/annotations diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index c6bf25f2..e59e57e7 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -1,788 +1,551 @@ --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration + metadata: - creationTimestamp: null + creationTimestamp: name: mutating-webhook-configuration + webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-cassandra - failurePolicy: Fail - name: mcassandra.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - cassandras - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-clickhouse - failurePolicy: Fail - name: mclickhouse.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clickhouses - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-clickhouseuser - failurePolicy: Fail - name: mclickhouseuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clickhouseusers - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-connectionpool - failurePolicy: Fail - name: mconnectionpool.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - connectionpools - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-database - failurePolicy: Fail - name: mdatabase.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - databases - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-grafana - failurePolicy: Fail - name: mgrafana.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - grafanas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-kafka - failurePolicy: Fail - name: mkafka.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-kafkaacl - failurePolicy: Fail - name: mkafkaacl.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaacls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-kafkaconnect - failurePolicy: Fail - name: mkafkaconnect.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaconnects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-kafkaconnector - failurePolicy: Fail - name: mkafkaconnector.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaconnectors - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-kafkaschema - failurePolicy: Fail - name: mkafkaschema.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaschemas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-kafkatopic - failurePolicy: Fail - name: mkafkatopic.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkatopics - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-mysql - failurePolicy: Fail - name: mmysql.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - mysqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-opensearch - failurePolicy: Fail - name: mopensearch.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - opensearches - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-postgresql - failurePolicy: Fail - name: mpg.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - postgresqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-project - failurePolicy: Fail - name: mproject.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - projects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-redis - failurePolicy: Fail - name: mredis.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - redis - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-serviceintegration - failurePolicy: Fail - name: mserviceintegration.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceintegrations - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-aiven-io-v1alpha1-serviceuser - failurePolicy: Fail - name: mserviceuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceusers - sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-cassandra + failurePolicy: Fail + name: mcassandra.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [cassandras] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-clickhouse + failurePolicy: Fail + name: mclickhouse.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [clickhouses] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-clickhouseuser + failurePolicy: Fail + name: mclickhouseuser.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [clickhouseusers] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-connectionpool + failurePolicy: Fail + name: mconnectionpool.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [connectionpools] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-database + failurePolicy: Fail + name: mdatabase.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [databases] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-grafana + failurePolicy: Fail + name: mgrafana.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [grafanas] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-kafka + failurePolicy: Fail + name: mkafka.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkas] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-kafkaacl + failurePolicy: Fail + name: mkafkaacl.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkaacls] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-kafkaconnect + failurePolicy: Fail + name: mkafkaconnect.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkaconnects] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-kafkaconnector + failurePolicy: Fail + name: mkafkaconnector.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkaconnectors] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-kafkaschema + failurePolicy: Fail + name: mkafkaschema.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkaschemas] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-kafkatopic + failurePolicy: Fail + name: mkafkatopic.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkatopics] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-mysql + failurePolicy: Fail + name: mmysql.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [mysqls] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-opensearch + failurePolicy: Fail + name: mopensearch.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [opensearches] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-postgresql + failurePolicy: Fail + name: mpg.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [postgresqls] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-project + failurePolicy: Fail + name: mproject.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [projects] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-redis + failurePolicy: Fail + name: mredis.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [redis] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-serviceintegration + failurePolicy: Fail + name: mserviceintegration.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [serviceintegrations] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-aiven-io-v1alpha1-serviceuser + failurePolicy: Fail + name: mserviceuser.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [serviceusers] + sideEffects: None + --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration + metadata: - creationTimestamp: null + creationTimestamp: name: validating-webhook-configuration + webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-cassandra - failurePolicy: Fail - name: vcassandra.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - cassandras - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-clickhouse - failurePolicy: Fail - name: vclickhouse.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - clickhouses - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-clickhouseuser - failurePolicy: Fail - name: vclickhouseuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clickhouseusers - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-connectionpool - failurePolicy: Fail - name: vconnectionpool.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - connectionpools - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-database - failurePolicy: Fail - name: vdatabase.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - databases - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-grafana - failurePolicy: Fail - name: vgrafana.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - grafanas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-kafka - failurePolicy: Fail - name: vkafka.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-kafkaacl - failurePolicy: Fail - name: vkafkaacl.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaacls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-kafkaconnect - failurePolicy: Fail - name: vkafkaconnect.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkaconnects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-kafkaconnector - failurePolicy: Fail - name: vkafkaconnector.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkaconnectors - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-kafkaschema - failurePolicy: Fail - name: vkafkaschema.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaschemas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-kafkatopic - failurePolicy: Fail - name: vkafkatopic.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkatopics - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-mysql - failurePolicy: Fail - name: vmysql.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - mysqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-opensearch - failurePolicy: Fail - name: vopensearch.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - opensearches - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-postgresql - failurePolicy: Fail - name: vpg.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - postgresqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-project - failurePolicy: Fail - name: vproject.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - projects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-redis - failurePolicy: Fail - name: vredis.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - redis - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-serviceintegration - failurePolicy: Fail - name: vserviceintegration.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceintegrations - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-aiven-io-v1alpha1-serviceuser - failurePolicy: Fail - name: vserviceuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceusers - sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-cassandra + failurePolicy: Fail + name: vcassandra.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [cassandras] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-clickhouse + failurePolicy: Fail + name: vclickhouse.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [clickhouses] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-clickhouseuser + failurePolicy: Fail + name: vclickhouseuser.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [clickhouseusers] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-connectionpool + failurePolicy: Fail + name: vconnectionpool.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [connectionpools] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-database + failurePolicy: Fail + name: vdatabase.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [databases] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-grafana + failurePolicy: Fail + name: vgrafana.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [grafanas] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-kafka + failurePolicy: Fail + name: vkafka.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [kafkas] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-kafkaacl + failurePolicy: Fail + name: vkafkaacl.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkaacls] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-kafkaconnect + failurePolicy: Fail + name: vkafkaconnect.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [kafkaconnects] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-kafkaconnector + failurePolicy: Fail + name: vkafkaconnector.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [kafkaconnectors] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-kafkaschema + failurePolicy: Fail + name: vkafkaschema.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [kafkaschemas] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-kafkatopic + failurePolicy: Fail + name: vkafkatopic.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [kafkatopics] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-mysql + failurePolicy: Fail + name: vmysql.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [mysqls] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-opensearch + failurePolicy: Fail + name: vopensearch.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [opensearches] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-postgresql + failurePolicy: Fail + name: vpg.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [postgresqls] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-project + failurePolicy: Fail + name: vproject.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [projects] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-redis + failurePolicy: Fail + name: vredis.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE, DELETE] + resources: [redis] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-serviceintegration + failurePolicy: Fail + name: vserviceintegration.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [serviceintegrations] + sideEffects: None + - admissionReviewVersions: [v1] + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-aiven-io-v1alpha1-serviceuser + failurePolicy: Fail + name: vserviceuser.kb.io + rules: + - apiGroups: [aiven.io] + apiVersions: [v1alpha1] + operations: [CREATE, UPDATE] + resources: [serviceusers] + sideEffects: None diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml index 3f638bd9..a9a79487 100644 --- a/config/webhook/service.yaml +++ b/config/webhook/service.yaml @@ -1,9 +1,11 @@ - +--- apiVersion: v1 kind: Service + metadata: name: webhook-service namespace: system + spec: ports: - port: 443 diff --git a/controllers/basic_controller.go b/controllers/basic_controller.go index 534ace59..fe5772d7 100644 --- a/controllers/basic_controller.go +++ b/controllers/basic_controller.go @@ -346,7 +346,7 @@ func (i *instanceReconcilerHelper) finalize(ctx context.Context, o v1alpha1.Aive deletionPolicy := deletionPolicyDelete // Parse the annotations for the deletion policy. For simplicity, we only allow 'Orphan'. - // If set will skip the deletion of the remote object. Disable by removing the annoation. + // If set will skip the deletion of the remote object. Disable by removing the annotation. if p, ok := o.GetAnnotations()[deletionPolicyAnnotation]; ok { deletionPolicy = deletionPolicyOrphan if p != deletionPolicyOrphan { diff --git a/controllers/kafkaconnector_controller.go b/controllers/kafkaconnector_controller.go index bd86011f..d091b243 100644 --- a/controllers/kafkaconnector_controller.go +++ b/controllers/kafkaconnector_controller.go @@ -90,7 +90,7 @@ func (h KafkaConnectorHandler) createOrUpdate(ctx context.Context, avn *aiven.Cl return nil } -// buildConnectorConfig joins mandatory fields with additional conncetor specific config +// buildConnectorConfig joins mandatory fields with additional connector specific config func (h KafkaConnectorHandler) buildConnectorConfig(conn *v1alpha1.KafkaConnector) (aiven.KafkaConnectorConfig, error) { const ( configFieldConnectorName = "name" diff --git a/controllers/postgresql_controller.go b/controllers/postgresql_controller.go index b2d90a86..e07f4f5b 100644 --- a/controllers/postgresql_controller.go +++ b/controllers/postgresql_controller.go @@ -25,7 +25,7 @@ type PostgreSQLReconciler struct { //+kubebuilder:rbac:groups=aiven.io,resources=postgresqls/finalizers,verbs=get;list;watch;create;update;patch;delete func (r *PostgreSQLReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - return r.reconcileInstance(ctx, req, newGenericServiceHandler(newPostgresSQLAdapter), &v1alpha1.PostgreSQL{}) + return r.reconcileInstance(ctx, req, newGenericServiceHandler(newpostgreSQLAdapter), &v1alpha1.PostgreSQL{}) } func (r *PostgreSQLReconciler) SetupWithManager(mgr ctrl.Manager) error { @@ -35,36 +35,36 @@ func (r *PostgreSQLReconciler) SetupWithManager(mgr ctrl.Manager) error { Complete(r) } -func newPostgresSQLAdapter(_ *aiven.Client, object client.Object) (serviceAdapter, error) { +func newpostgreSQLAdapter(_ *aiven.Client, object client.Object) (serviceAdapter, error) { pg, ok := object.(*v1alpha1.PostgreSQL) if !ok { - return nil, fmt.Errorf("object is not of type v1alpha1.PostgresSQL") + return nil, fmt.Errorf("object is not of type v1alpha1.PostgreSQL") } - return &postgresSQLAdapter{pg}, nil + return &postgreSQLAdapter{pg}, nil } -// postgresSQLAdapter handles an Aiven PostgresSQL service -type postgresSQLAdapter struct { +// postgreSQLAdapter handles an Aiven postgreSQL service +type postgreSQLAdapter struct { *v1alpha1.PostgreSQL } -func (a *postgresSQLAdapter) getObjectMeta() *metav1.ObjectMeta { +func (a *postgreSQLAdapter) getObjectMeta() *metav1.ObjectMeta { return &a.ObjectMeta } -func (a *postgresSQLAdapter) getServiceStatus() *v1alpha1.ServiceStatus { +func (a *postgreSQLAdapter) getServiceStatus() *v1alpha1.ServiceStatus { return &a.Status } -func (a *postgresSQLAdapter) getServiceCommonSpec() *v1alpha1.ServiceCommonSpec { +func (a *postgreSQLAdapter) getServiceCommonSpec() *v1alpha1.ServiceCommonSpec { return &a.Spec.ServiceCommonSpec } -func (a *postgresSQLAdapter) getUserConfig() any { +func (a *postgreSQLAdapter) getUserConfig() any { return &a.Spec.UserConfig } -func (a *postgresSQLAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1.Secret, error) { +func (a *postgreSQLAdapter) newSecret(ctx context.Context, s *aiven.Service) (*corev1.Secret, error) { prefix := getSecretPrefix(a) stringData := map[string]string{ prefix + "HOST": s.URIParams["host"], @@ -87,10 +87,10 @@ func (a *postgresSQLAdapter) newSecret(ctx context.Context, s *aiven.Service) (* return newSecret(a, stringData, false), nil } -func (a *postgresSQLAdapter) getServiceType() string { +func (a *postgreSQLAdapter) getServiceType() string { return "pg" } -func (a *postgresSQLAdapter) getDiskSpace() string { +func (a *postgreSQLAdapter) getDiskSpace() string { return a.Spec.DiskSpace } diff --git a/docs/docs/api-reference/cassandra.md b/docs/docs/api-reference/cassandra.md index b200d4ce..f38393ef 100644 --- a/docs/docs/api-reference/cassandra.md +++ b/docs/docs/api-reference/cassandra.md @@ -84,8 +84,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -111,11 +111,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -125,8 +125,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -196,4 +196,3 @@ Allow access to selected service ports from the public Internet. **Required** - [`prometheus`](#spec.userConfig.public_access.prometheus-property){: name='spec.userConfig.public_access.prometheus-property'} (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network. - diff --git a/docs/docs/api-reference/clickhouse.md b/docs/docs/api-reference/clickhouse.md index f95407db..87834973 100644 --- a/docs/docs/api-reference/clickhouse.md +++ b/docs/docs/api-reference/clickhouse.md @@ -75,8 +75,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -102,11 +102,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -116,8 +116,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -189,4 +189,3 @@ Allow access to selected service ports from the public Internet. - [`clickhouse_https`](#spec.userConfig.public_access.clickhouse_https-property){: name='spec.userConfig.public_access.clickhouse_https-property'} (boolean). Allow clients to connect to clickhouse_https from the public internet for service nodes that are in a project VPC or another type of private network. - [`clickhouse_mysql`](#spec.userConfig.public_access.clickhouse_mysql-property){: name='spec.userConfig.public_access.clickhouse_mysql-property'} (boolean). Allow clients to connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC or another type of private network. - [`prometheus`](#spec.userConfig.public_access.prometheus-property){: name='spec.userConfig.public_access.prometheus-property'} (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network. - diff --git a/docs/docs/api-reference/clickhouseuser.md b/docs/docs/api-reference/clickhouseuser.md index ad2da11e..e30e1180 100644 --- a/docs/docs/api-reference/clickhouseuser.md +++ b/docs/docs/api-reference/clickhouseuser.md @@ -61,8 +61,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -79,4 +79,3 @@ Information regarding secret creation. Exposed keys: `CLICKHOUSEUSER_HOST`, `CLI - [`annotations`](#spec.connInfoSecretTarget.annotations-property){: name='spec.connInfoSecretTarget.annotations-property'} (object, AdditionalProperties: string). Annotations added to the secret. - [`labels`](#spec.connInfoSecretTarget.labels-property){: name='spec.connInfoSecretTarget.labels-property'} (object, AdditionalProperties: string). Labels added to the secret. - [`prefix`](#spec.connInfoSecretTarget.prefix-property){: name='spec.connInfoSecretTarget.prefix-property'} (string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - diff --git a/docs/docs/api-reference/connectionpool.md b/docs/docs/api-reference/connectionpool.md index 53e500e1..9905d6d7 100644 --- a/docs/docs/api-reference/connectionpool.md +++ b/docs/docs/api-reference/connectionpool.md @@ -69,8 +69,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -87,4 +87,3 @@ Information regarding secret creation. Exposed keys: `CONNECTIONPOOL_NAME`, `CON - [`annotations`](#spec.connInfoSecretTarget.annotations-property){: name='spec.connInfoSecretTarget.annotations-property'} (object, AdditionalProperties: string). Annotations added to the secret. - [`labels`](#spec.connInfoSecretTarget.labels-property){: name='spec.connInfoSecretTarget.labels-property'} (object, AdditionalProperties: string). Labels added to the secret. - [`prefix`](#spec.connInfoSecretTarget.prefix-property){: name='spec.connInfoSecretTarget.prefix-property'} (string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - diff --git a/docs/docs/api-reference/database.md b/docs/docs/api-reference/database.md index 61ce1948..c36af121 100644 --- a/docs/docs/api-reference/database.md +++ b/docs/docs/api-reference/database.md @@ -58,6 +58,5 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). - +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). diff --git a/docs/docs/api-reference/examples/cassandra.yaml b/docs/docs/api-reference/examples/cassandra.yaml index e6051817..cdf9e1c2 100644 --- a/docs/docs/api-reference/examples/cassandra.yaml +++ b/docs/docs/api-reference/examples/cassandra.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Cassandra + metadata: name: my-cassandra + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/clickhouse.yaml b/docs/docs/api-reference/examples/clickhouse.yaml index 3ae89c57..dff969b1 100644 --- a/docs/docs/api-reference/examples/clickhouse.yaml +++ b/docs/docs/api-reference/examples/clickhouse.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Clickhouse + metadata: name: my-clickhouse + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/clickhouseuser.yaml b/docs/docs/api-reference/examples/clickhouseuser.yaml index d4e28369..59073d4e 100644 --- a/docs/docs/api-reference/examples/clickhouseuser.yaml +++ b/docs/docs/api-reference/examples/clickhouseuser.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ClickhouseUser + metadata: name: my-clickhouse-user + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/connectionpool.yaml b/docs/docs/api-reference/examples/connectionpool.yaml index 224d93cc..207f6c5a 100644 --- a/docs/docs/api-reference/examples/connectionpool.yaml +++ b/docs/docs/api-reference/examples/connectionpool.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ConnectionPool + metadata: name: my-connection-pool + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/database.yaml b/docs/docs/api-reference/examples/database.yaml index cb9d2a7f..709a3e95 100644 --- a/docs/docs/api-reference/examples/database.yaml +++ b/docs/docs/api-reference/examples/database.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Database + metadata: name: my-db + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/grafana.yaml b/docs/docs/api-reference/examples/grafana.yaml index 401ac0e3..0dff4f29 100644 --- a/docs/docs/api-reference/examples/grafana.yaml +++ b/docs/docs/api-reference/examples/grafana.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Grafana + metadata: name: my-grafana + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/kafka.yaml b/docs/docs/api-reference/examples/kafka.yaml index 2d52f98e..273e3528 100644 --- a/docs/docs/api-reference/examples/kafka.yaml +++ b/docs/docs/api-reference/examples/kafka.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: my-kafka + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/kafkaacl.yaml b/docs/docs/api-reference/examples/kafkaacl.yaml index e2a220a1..c627bd0d 100644 --- a/docs/docs/api-reference/examples/kafkaacl.yaml +++ b/docs/docs/api-reference/examples/kafkaacl.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaACL + metadata: name: my-kafka-acl + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/kafkaconnect.yaml b/docs/docs/api-reference/examples/kafkaconnect.yaml index 4bf5ef00..1fedafeb 100644 --- a/docs/docs/api-reference/examples/kafkaconnect.yaml +++ b/docs/docs/api-reference/examples/kafkaconnect.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaConnect + metadata: name: my-kafka-connect + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/kafkaschema.yaml b/docs/docs/api-reference/examples/kafkaschema.yaml index f8b3707c..702d461f 100644 --- a/docs/docs/api-reference/examples/kafkaschema.yaml +++ b/docs/docs/api-reference/examples/kafkaschema.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaSchema + metadata: name: my-schema + spec: authSecretRef: name: aiven-token @@ -11,7 +14,7 @@ spec: serviceName: my-kafka subjectName: mny-subject compatibilityLevel: BACKWARD - schema: | + schema: |- { "doc": "example_doc", "fields": [{ diff --git a/docs/docs/api-reference/examples/kafkatopic.yaml b/docs/docs/api-reference/examples/kafkatopic.yaml index d95f7aaf..279e10fe 100644 --- a/docs/docs/api-reference/examples/kafkatopic.yaml +++ b/docs/docs/api-reference/examples/kafkatopic.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaTopic + metadata: name: kafka-topic + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/mysql.yaml b/docs/docs/api-reference/examples/mysql.yaml index 3c2be87f..db4f53d0 100644 --- a/docs/docs/api-reference/examples/mysql.yaml +++ b/docs/docs/api-reference/examples/mysql.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: MySQL + metadata: name: my-mysql + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/opensearch.yaml b/docs/docs/api-reference/examples/opensearch.yaml index 48a87b64..9357086b 100644 --- a/docs/docs/api-reference/examples/opensearch.yaml +++ b/docs/docs/api-reference/examples/opensearch.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: OpenSearch + metadata: name: my-os + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/postgresql.yaml b/docs/docs/api-reference/examples/postgresql.yaml index 498e9ea6..582682d6 100644 --- a/docs/docs/api-reference/examples/postgresql.yaml +++ b/docs/docs/api-reference/examples/postgresql.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: PostgreSQL + metadata: name: my-postgresql + spec: authSecretRef: name: aiven-token @@ -23,4 +26,4 @@ spec: maintenanceWindowTime: 11:00:00 userConfig: - pg_version: "15" + pg_version: '15' diff --git a/docs/docs/api-reference/examples/project.yaml b/docs/docs/api-reference/examples/project.yaml index e5ab40c4..bec13d16 100644 --- a/docs/docs/api-reference/examples/project.yaml +++ b/docs/docs/api-reference/examples/project.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Project + metadata: name: my-project + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/projectvpc.yaml b/docs/docs/api-reference/examples/projectvpc.yaml index 1d9d11a6..88b30d8a 100644 --- a/docs/docs/api-reference/examples/projectvpc.yaml +++ b/docs/docs/api-reference/examples/projectvpc.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ProjectVPC + metadata: name: my-project-vpc + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/redis.yaml b/docs/docs/api-reference/examples/redis.yaml index a98b4691..2a2ec611 100644 --- a/docs/docs/api-reference/examples/redis.yaml +++ b/docs/docs/api-reference/examples/redis.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Redis + metadata: name: k8s-redis + spec: authSecretRef: name: aiven-token @@ -23,4 +26,4 @@ spec: maintenanceWindowTime: 23:00:00 userConfig: - redis_maxmemory_policy: "allkeys-random" + redis_maxmemory_policy: allkeys-random diff --git a/docs/docs/api-reference/examples/serviceintegration.yaml b/docs/docs/api-reference/examples/serviceintegration.yaml index 16d0de96..209ef3bc 100644 --- a/docs/docs/api-reference/examples/serviceintegration.yaml +++ b/docs/docs/api-reference/examples/serviceintegration.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ServiceIntegration + metadata: name: my-service-integration + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/examples/serviceuser.yaml b/docs/docs/api-reference/examples/serviceuser.yaml index c4fb70ae..67645348 100644 --- a/docs/docs/api-reference/examples/serviceuser.yaml +++ b/docs/docs/api-reference/examples/serviceuser.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ServiceUser + metadata: name: my-service-user + spec: authSecretRef: name: aiven-token diff --git a/docs/docs/api-reference/grafana.md b/docs/docs/api-reference/grafana.md index 29cd7f3c..8e66a7f5 100644 --- a/docs/docs/api-reference/grafana.md +++ b/docs/docs/api-reference/grafana.md @@ -83,8 +83,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -110,11 +110,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -124,8 +124,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -171,7 +171,7 @@ Cassandra specific user configuration options. - [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. - [`smtp_server`](#spec.userConfig.smtp_server-property){: name='spec.userConfig.smtp_server-property'} (object). SMTP server settings. See below for [nested schema](#spec.userConfig.smtp_server). - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses. -- [`unified_alerting_enabled`](#spec.userConfig.unified_alerting_enabled-property){: name='spec.userConfig.unified_alerting_enabled-property'} (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ for more details. +- [`unified_alerting_enabled`](#spec.userConfig.unified_alerting_enabled-property){: name='spec.userConfig.unified_alerting_enabled-property'} (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See for more details. - [`user_auto_assign_org`](#spec.userConfig.user_auto_assign_org-property){: name='spec.userConfig.user_auto_assign_org-property'} (boolean). Auto-assign new users on signup to main organization. Defaults to false. - [`user_auto_assign_org_role`](#spec.userConfig.user_auto_assign_org_role-property){: name='spec.userConfig.user_auto_assign_org_role-property'} (string, Enum: `Viewer`, `Admin`, `Editor`). Set role for new signups. Defaults to Viewer. - [`viewers_can_edit`](#spec.userConfig.viewers_can_edit-property){: name='spec.userConfig.viewers_can_edit-property'} (boolean). Users with view-only permission can edit but not save dashboards. @@ -363,4 +363,3 @@ SMTP server settings. - [`skip_verify`](#spec.userConfig.smtp_server.skip_verify-property){: name='spec.userConfig.smtp_server.skip_verify-property'} (boolean). Skip verifying server certificate. Defaults to false. - [`starttls_policy`](#spec.userConfig.smtp_server.starttls_policy-property){: name='spec.userConfig.smtp_server.starttls_policy-property'} (string, Enum: `OpportunisticStartTLS`, `MandatoryStartTLS`, `NoStartTLS`). Either OpportunisticStartTLS, MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS. - [`username`](#spec.userConfig.smtp_server.username-property){: name='spec.userConfig.smtp_server.username-property'} (string, Pattern: `^[^\x00-\x1F]+$`, MaxLength: 255). Username for SMTP authentication. - diff --git a/docs/docs/api-reference/kafka.md b/docs/docs/api-reference/kafka.md index 60eb266d..9a077a2e 100644 --- a/docs/docs/api-reference/kafka.md +++ b/docs/docs/api-reference/kafka.md @@ -76,8 +76,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -103,11 +103,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -117,8 +117,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -346,4 +346,3 @@ Deprecated. Local cache configuration. **Required** - [`size`](#spec.userConfig.tiered_storage.local_cache.size-property){: name='spec.userConfig.tiered_storage.local_cache.size-property'} (integer, Minimum: 1, Maximum: 107374182400). Deprecated. Local cache size in bytes. - diff --git a/docs/docs/api-reference/kafkaacl.md b/docs/docs/api-reference/kafkaacl.md index 16e382d3..ef683f58 100644 --- a/docs/docs/api-reference/kafkaacl.md +++ b/docs/docs/api-reference/kafkaacl.md @@ -58,6 +58,5 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). - +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). diff --git a/docs/docs/api-reference/kafkaconnect.md b/docs/docs/api-reference/kafkaconnect.md index 9670e11b..f464876d 100644 --- a/docs/docs/api-reference/kafkaconnect.md +++ b/docs/docs/api-reference/kafkaconnect.md @@ -68,8 +68,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## projectVPCRef {: #spec.projectVPCRef } @@ -79,11 +79,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -93,8 +93,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -185,4 +185,3 @@ Allow access to selected service ports from the public Internet. - [`kafka_connect`](#spec.userConfig.public_access.kafka_connect-property){: name='spec.userConfig.public_access.kafka_connect-property'} (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network. - [`prometheus`](#spec.userConfig.public_access.prometheus-property){: name='spec.userConfig.public_access.prometheus-property'} (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network. - diff --git a/docs/docs/api-reference/kafkaconnector.md b/docs/docs/api-reference/kafkaconnector.md index 06b06a16..ab09f3cc 100644 --- a/docs/docs/api-reference/kafkaconnector.md +++ b/docs/docs/api-reference/kafkaconnector.md @@ -38,6 +38,5 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). - +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). diff --git a/docs/docs/api-reference/kafkaschema.md b/docs/docs/api-reference/kafkaschema.md index 56932154..b705e329 100644 --- a/docs/docs/api-reference/kafkaschema.md +++ b/docs/docs/api-reference/kafkaschema.md @@ -71,6 +71,5 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). - +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). diff --git a/docs/docs/api-reference/kafkatopic.md b/docs/docs/api-reference/kafkatopic.md index c52ad7e4..55a26e41 100644 --- a/docs/docs/api-reference/kafkatopic.md +++ b/docs/docs/api-reference/kafkatopic.md @@ -65,8 +65,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## config {: #spec.config } @@ -108,9 +108,8 @@ Kafka topic tags. **Required** -- [`key`](#spec.tags.key-property){: name='spec.tags.key-property'} (string, MinLength: 1, MaxLength: 64, Format: `^[a-zA-Z0-9_-]*$`). +- [`key`](#spec.tags.key-property){: name='spec.tags.key-property'} (string, MinLength: 1, MaxLength: 64, Format: `^[a-zA-Z0-9_-]*$`). **Optional** -- [`value`](#spec.tags.value-property){: name='spec.tags.value-property'} (string, MaxLength: 256, Format: `^[a-zA-Z0-9_-]*$`). - +- [`value`](#spec.tags.value-property){: name='spec.tags.value-property'} (string, MaxLength: 256, Format: `^[a-zA-Z0-9_-]*$`). diff --git a/docs/docs/api-reference/mysql.md b/docs/docs/api-reference/mysql.md index 27afc1bd..1f951419 100644 --- a/docs/docs/api-reference/mysql.md +++ b/docs/docs/api-reference/mysql.md @@ -83,8 +83,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -110,11 +110,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -124,8 +124,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -262,4 +262,3 @@ Allow access to selected service ports from the public Internet. - [`mysql`](#spec.userConfig.public_access.mysql-property){: name='spec.userConfig.public_access.mysql-property'} (boolean). Allow clients to connect to mysql from the public internet for service nodes that are in a project VPC or another type of private network. - [`mysqlx`](#spec.userConfig.public_access.mysqlx-property){: name='spec.userConfig.public_access.mysqlx-property'} (boolean). Allow clients to connect to mysqlx from the public internet for service nodes that are in a project VPC or another type of private network. - [`prometheus`](#spec.userConfig.public_access.prometheus-property){: name='spec.userConfig.public_access.prometheus-property'} (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network. - diff --git a/docs/docs/api-reference/opensearch.md b/docs/docs/api-reference/opensearch.md index eb4ee0a9..d61ff4f9 100644 --- a/docs/docs/api-reference/opensearch.md +++ b/docs/docs/api-reference/opensearch.md @@ -76,8 +76,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -103,11 +103,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -117,8 +117,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -371,4 +371,3 @@ OpenSearch SAML configuration. - [`idp_pemtrustedcas_content`](#spec.userConfig.saml.idp_pemtrustedcas_content-property){: name='spec.userConfig.saml.idp_pemtrustedcas_content-property'} (string, MaxLength: 16384). This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server. - [`roles_key`](#spec.userConfig.saml.roles_key-property){: name='spec.userConfig.saml.roles_key-property'} (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions. - [`subject_key`](#spec.userConfig.saml.subject_key-property){: name='spec.userConfig.saml.subject_key-property'} (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default. - diff --git a/docs/docs/api-reference/postgresql.md b/docs/docs/api-reference/postgresql.md index 3ee32409..4c9b6d92 100644 --- a/docs/docs/api-reference/postgresql.md +++ b/docs/docs/api-reference/postgresql.md @@ -78,8 +78,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -105,11 +105,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -119,8 +119,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -339,4 +339,3 @@ System-wide settings for the timescaledb extension. **Required** - [`max_background_workers`](#spec.userConfig.timescaledb.max_background_workers-property){: name='spec.userConfig.timescaledb.max_background_workers-property'} (integer, Minimum: 1, Maximum: 4096). The number of background workers for timescaledb operations. You should configure this setting to the sum of your number of databases and the total number of concurrent background workers you want running at any given point in time. - diff --git a/docs/docs/api-reference/project.md b/docs/docs/api-reference/project.md index 05867a8b..cfc6e9f6 100644 --- a/docs/docs/api-reference/project.md +++ b/docs/docs/api-reference/project.md @@ -71,8 +71,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -89,4 +89,3 @@ Information regarding secret creation. Exposed keys: `PROJECT_CA_CERT`. - [`annotations`](#spec.connInfoSecretTarget.annotations-property){: name='spec.connInfoSecretTarget.annotations-property'} (object, AdditionalProperties: string). Annotations added to the secret. - [`labels`](#spec.connInfoSecretTarget.labels-property){: name='spec.connInfoSecretTarget.labels-property'} (object, AdditionalProperties: string). Labels added to the secret. - [`prefix`](#spec.connInfoSecretTarget.prefix-property){: name='spec.connInfoSecretTarget.prefix-property'} (string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - diff --git a/docs/docs/api-reference/projectvpc.md b/docs/docs/api-reference/projectvpc.md index 7f36973b..1e9413ba 100644 --- a/docs/docs/api-reference/projectvpc.md +++ b/docs/docs/api-reference/projectvpc.md @@ -54,6 +54,5 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). - +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). diff --git a/docs/docs/api-reference/redis.md b/docs/docs/api-reference/redis.md index 04d3996a..647c6d9d 100644 --- a/docs/docs/api-reference/redis.md +++ b/docs/docs/api-reference/redis.md @@ -78,8 +78,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -105,11 +105,11 @@ ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID aut **Required** -- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). +- [`name`](#spec.projectVPCRef.name-property){: name='spec.projectVPCRef.name-property'} (string, MinLength: 1). **Optional** -- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). +- [`namespace`](#spec.projectVPCRef.namespace-property){: name='spec.projectVPCRef.namespace-property'} (string, MinLength: 1). ## serviceIntegrations {: #spec.serviceIntegrations } @@ -119,8 +119,8 @@ Service integrations to specify when creating a service. Not applied after initi **Required** -- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). -- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). +- [`integrationType`](#spec.serviceIntegrations.integrationType-property){: name='spec.serviceIntegrations.integrationType-property'} (string, Enum: `read_replica`). +- [`sourceServiceName`](#spec.serviceIntegrations.sourceServiceName-property){: name='spec.serviceIntegrations.sourceServiceName-property'} (string, MinLength: 1, MaxLength: 64). ## userConfig {: #spec.userConfig } @@ -219,4 +219,3 @@ Allow access to selected service ports from the public Internet. - [`prometheus`](#spec.userConfig.public_access.prometheus-property){: name='spec.userConfig.public_access.prometheus-property'} (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network. - [`redis`](#spec.userConfig.public_access.redis-property){: name='spec.userConfig.public_access.redis-property'} (boolean). Allow clients to connect to redis from the public internet for service nodes that are in a project VPC or another type of private network. - diff --git a/docs/docs/api-reference/serviceintegration.md b/docs/docs/api-reference/serviceintegration.md index 64875bd6..88702a6b 100644 --- a/docs/docs/api-reference/serviceintegration.md +++ b/docs/docs/api-reference/serviceintegration.md @@ -73,8 +73,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## clickhouseKafka {: #spec.clickhouseKafka } @@ -180,7 +180,7 @@ Custom tags provided by user. **Required** -- [`tag`](#spec.datadog.datadog_tags.tag-property){: name='spec.datadog.datadog_tags.tag-property'} (string, MinLength: 1, MaxLength: 200). Tag format and usage are described here: https://docs.datadoghq.com/getting_started/tagging. Tags with prefix `aiven-` are reserved for Aiven. +- [`tag`](#spec.datadog.datadog_tags.tag-property){: name='spec.datadog.datadog_tags.tag-property'} (string, MinLength: 1, MaxLength: 200). Tag format and usage are described here: . Tags with prefix `aiven-` are reserved for Aiven. **Optional** @@ -362,4 +362,3 @@ Configuration options for Telegraf MySQL input plugin. - [`perf_events_statements_digest_text_limit`](#spec.metrics.source_mysql.telegraf.perf_events_statements_digest_text_limit-property){: name='spec.metrics.source_mysql.telegraf.perf_events_statements_digest_text_limit-property'} (integer, Minimum: 1, Maximum: 2048). Truncates digest text from perf_events_statements into this many characters. - [`perf_events_statements_limit`](#spec.metrics.source_mysql.telegraf.perf_events_statements_limit-property){: name='spec.metrics.source_mysql.telegraf.perf_events_statements_limit-property'} (integer, Minimum: 1, Maximum: 4000). Limits metrics from perf_events_statements. - [`perf_events_statements_time_limit`](#spec.metrics.source_mysql.telegraf.perf_events_statements_time_limit-property){: name='spec.metrics.source_mysql.telegraf.perf_events_statements_time_limit-property'} (integer, Minimum: 1, Maximum: 2592000). Only include perf_events_statements whose last seen is less than this many seconds. - diff --git a/docs/docs/api-reference/serviceuser.md b/docs/docs/api-reference/serviceuser.md index 1bb2e8aa..53d3409f 100644 --- a/docs/docs/api-reference/serviceuser.md +++ b/docs/docs/api-reference/serviceuser.md @@ -62,8 +62,8 @@ Authentication reference to Aiven token in a secret. **Required** -- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). -- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). +- [`key`](#spec.authSecretRef.key-property){: name='spec.authSecretRef.key-property'} (string, MinLength: 1). +- [`name`](#spec.authSecretRef.name-property){: name='spec.authSecretRef.name-property'} (string, MinLength: 1). ## connInfoSecretTarget {: #spec.connInfoSecretTarget } @@ -80,4 +80,3 @@ Information regarding secret creation. Exposed keys: `SERVICEUSER_HOST`, `SERVIC - [`annotations`](#spec.connInfoSecretTarget.annotations-property){: name='spec.connInfoSecretTarget.annotations-property'} (object, AdditionalProperties: string). Annotations added to the secret. - [`labels`](#spec.connInfoSecretTarget.labels-property){: name='spec.connInfoSecretTarget.labels-property'} (object, AdditionalProperties: string). Labels added to the secret. - [`prefix`](#spec.connInfoSecretTarget.prefix-property){: name='spec.connInfoSecretTarget.prefix-property'} (string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - diff --git a/docs/docs/assets/logo.svg b/docs/docs/assets/logo.svg index 287b650f..50e250d1 100644 --- a/docs/docs/assets/logo.svg +++ b/docs/docs/assets/logo.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/docs/docs/changelog.md b/docs/docs/changelog.md index 5e3532a8..c81f3893 100644 --- a/docs/docs/changelog.md +++ b/docs/docs/changelog.md @@ -1,12 +1,11 @@ # Changelog - ## v0.16.1 - 2023-12-15 -- Check VPC for running services before deletion. Prevents VPC from hanging in the DELETING state +- Check VPC for running services before deletion. Prevents VPC from hanging in the DELETING state - Expose `KAFKA_SCHEMA_REGISTRY_URI` and `KAFKA_REST_URI` to `Kafka` secret - Expose `CONNECTIONPOOL_NAME` in `ConnectionPool` secret -- Fix `CONNECTIONPOOL_PORT` exposes service port instead of pool port +- Fix `CONNECTIONPOOL_PORT` exposes service port instead of pool port - Fix `SERVICEUSER_PORT` when `sasl` is the only authentication method - Change `PostgreSQL` field `userConfig.pg_qualstats.enabled`: deprecated - Change `PostgreSQL` field `userConfig.pg_qualstats.min_err_estimate_num`: deprecated @@ -17,7 +16,7 @@ ## v0.16.0 - 2023-12-07 - Set conditions on errors: `Preconditions`, `CreateOrUpdate`, `Delete`. Thanks to @atarax -- Fix object updates lost when reconciler exits before the object is committed +- Fix object updates lost when reconciler exits before the object is committed - Add `Kafka` field `userConfig.kafka.transaction_partition_verification_enable`, type `boolean`: Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition @@ -49,7 +48,7 @@ - Upgrade to Go 1.21 - Add option to orphan resources. Thanks to @atarax -- Fix `ServiceIntegration`: do not send empty user config to the API +- Fix `ServiceIntegration`: do not send empty user config to the API - Add a format for `string` type fields to the documentation - Generate CRDs changelog - Add `Clickhouse` field `userConfig.private_access.clickhouse_mysql`, type `boolean`: Allow clients @@ -106,7 +105,7 @@ - Add `Kafka` spec property `scheduled_rebalance_max_delay_ms` - Mark deprecated `Kafka` spec property `remote_log_storage_system_enable` - Add `KafkaConnect` spec property `scheduled_rebalance_max_delay_ms` -- Add `OpenSearch` spec property `openid` +- Add `OpenSearch` spec property `openid` - Use updated go client with enhanced retries ## v0.12.3 - 2023-07-13 @@ -135,7 +134,6 @@ - Add `OpenSearch.spec.userConfig.idp_pemtrustedcas_content` option. Specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. - ## v0.11.0 - 2023-04-25 - Add `ServiceIntegration` kind `SourceProjectName` and `DestinationProjectName` fields @@ -154,16 +152,16 @@ - Add `minumim`, `maximum` validations for `number` type - Move helm charts to the operator repository - Add helm charts generator -- Remove `ip_filter` backward compatability +- Remove `ip_filter` backward compatibility - Fix deletion errors omitted - Add service integration `clickhouseKafka.tables.data_format-property` enum `RawBLOB` value - Update OpenSearch `userConfig.opensearch.email_sender_username` validation pattern - Add Kafka `log_cleaner_min_cleanable_ratio` minimum and maximum validation rules - Remove Kafka version `3.2`, reached EOL - Remove PostgreSQL version `10`, reached EOL -- Explicitly delete `ProjectVPC` by `ID` to avoid conflicts +- Explicitly delete `ProjectVPC` by `ID` to avoid conflicts - Speed up `ProjectVPC` deletion by exiting on `DELETING` status -- Fix missing RBAC permissions to update finalizers for various controllers +- Fix missing RBAC permissions to update finalizers for various controllers - Refactor `ClickhouseUser` controller - Mark `ClickhouseUser.spec.project` and `ClickhouseUser.spec.serviceName` as immutable - Remove deprecated service integration type `signalfx` @@ -202,7 +200,7 @@ as native [CRD validation rules](https://kubernetes.io/blog/2022/09/23/crd-valid - Add Cassandra Kind - Add Grafana Kind -- Recreate Kafka ACL if modified. +- Recreate Kafka ACL if modified. Note: Modification of ACL created prior to v0.5.1 won't delete existing instance at Aiven. It must be deleted manually. - Fix MySQL webhook @@ -212,7 +210,7 @@ as native [CRD validation rules](https://kubernetes.io/blog/2022/09/23/crd-valid - Remove `never` from choices of maintenance dow - Add `development` flag to configure logger's behavior - Add user config generator (see `make generate-user-configs`) -- Add `genericServiceHandler` to generalize service management +- Add `genericServiceHandler` to generalize service management - Add MySQL Kind ## v0.5.2 - 2022-12-09 @@ -242,23 +240,29 @@ as native [CRD validation rules](https://kubernetes.io/blog/2022/09/23/crd-valid ## v0.2.0 - 2021-11-17 features: -* add Redis CRD + +- add Redis CRD improvements: -* watch CRDs to reconcile token secrets + +- watch CRDs to reconcile token secrets fixes: -* fix RBACs of KafkaACL CRD + +- fix RBACs of KafkaACL CRD ## v0.1.1 - 2021-09-13 improvements: -* update helm installation docs + +- update helm installation docs fixes: -* fix typo in a kafka-connector kuttl test + +- fix typo in a kafka-connector kuttl test ## v0.1.0 - 2021-09-10 features: -* initial release + +- initial release diff --git a/docs/docs/contributing/developer-guide.md b/docs/docs/contributing/developer-guide.md index 2759589f..0c21814a 100644 --- a/docs/docs/contributing/developer-guide.md +++ b/docs/docs/contributing/developer-guide.md @@ -44,13 +44,14 @@ Please have installed first: - [kcat](https://github.com/edenhill/kcat) - base64, note: MACOS version doesn't support `-w0` flag, some tests may not work properly - [kind](https://kind.sigs.k8s.io/), and existing cluster, e.g. + ```shell kind create cluster --image kindest/node:v1.24.0 --wait 5m ``` The following commands must be executed with these environment variables (keep them in secret!): -- `AIVEN_TOKEN` — your [authentication token](https://docs.aiven.io/docs/platform/howto/create_authentication_token) +- `AIVEN_TOKEN` — your [authentication token](https://docs.aiven.io/docs/platform/howto/create_authentication_token) - `AIVEN_PROJECT_NAME` — your Aiven project name to run services in Setup everything: @@ -60,7 +61,7 @@ make e2e-setup-kind ``` !!! note - Additionally, webhooks can be disabled, + Additionally, webhooks can be disabled, if there are any problems with them. ```shell @@ -70,7 +71,7 @@ make e2e-setup-kind Run e2e tests (creates real services in `AIVEN_PROJECT_NAME`): ```shell -make test-e2e-preinstalled +make test-e2e-preinstalled ``` When you're done, just drop the cluster: @@ -82,7 +83,7 @@ kind delete cluster ## Documentation The documentation is written in markdown and generated by [mkdocs](https://www.mkdocs.org/) -and [mkdocs-material](https://squidfunk.github.io/mkdocs-material/). +and [mkdocs-material](https://squidfunk.github.io/mkdocs-material/). To run the documentation live preview: diff --git a/docs/docs/contributing/index.md b/docs/docs/contributing/index.md index d09c1a43..0333499a 100644 --- a/docs/docs/contributing/index.md +++ b/docs/docs/contributing/index.md @@ -11,13 +11,13 @@ to help get your contribution accepted. Please see also the Aiven Operator for Kubernetes [Developer Guide](./developer-guide). -### Support Channels +## Support Channels This project offers support through GitHub issues and can be filed [here](https://github.com/aiven/aiven-operator/issues). Moreover, GitHub issues are used as the primary method for tracking anything to do with the Aiven Operator for Kubernetes project. -### Pull Request Process +## Pull Request Process 1. Ensure any install or build dependencies are removed before the end of the layer when doing a build. 2. Increase the version numbers in any examples files and the README.md and in corresponding file in he /docs folder to diff --git a/docs/docs/contributing/resource-generation.md b/docs/docs/contributing/resource-generation.md index 0a599736..1f9079ea 100644 --- a/docs/docs/contributing/resource-generation.md +++ b/docs/docs/contributing/resource-generation.md @@ -13,8 +13,8 @@ from public [service types schema][service-types]. When a new schema is issued on the API, a cron job fetches it, parses, patches, and saves in a shared library — [go-api-schemas][go-api-schemas]. -When the library is updated, -the GitHub [dependabot](https://github.com/dependabot) creates PRs to the dependant repositories, +When the library is updated, +the GitHub [dependabot](https://github.com/dependabot) creates PRs to the dependent repositories, like Aiven Kubernetes Operator and Aiven Terraform Provider. Then the [`make generate`](#make-generate) command is called by GitHub action. @@ -23,7 +23,7 @@ And the PR is ready for review. ```mermaid flowchart TB API(Aiven API) <-.->|polls schema updates| Schema([go-api-schemas]) - Bot(dependabot) <-.->|polls updates| Schema + Bot(dependabot) <-.->|polls updates| Schema Bot-->|pull request|UpdateOP[/"✨ $ make generate ✨"/] UpdateOP-->|review| OP([operator repository]) ``` @@ -38,21 +38,21 @@ and charts generator. Here how it goes in the details: -1. User config generator creates Go structs (k8s api compatible objects) with docstrings, +1. User config generator creates Go structs (k8s api compatible objects) with docstrings, validation rules and constraints (immutable, maxLength, etc) 2. [controller-gen][controller-gen] generates k8s methods, - generates [CRDs][crd] for those objects, - creates charts for cluster roles and webhooks. + generates [CRDs][crd] for those objects, + creates charts for cluster roles and webhooks. 3. Docs generator creates [API reference][api-reference] out of CRDs: 1. it looks for an example file for the given CRD kind in `.//example/`, - if it finds one, it validates that with the CRD. - Each CRD has an OpenAPI v3 schema as a part of it. + if it finds one, it validates that with the CRD. + Each CRD has an OpenAPI v3 schema as a part of it. This is also used by Kubernetes itself to validate user input. 2. generates full spec reference out of the schema 3. creates a markdown file with spec and example (if exists) -4. Charts generator +4. Charts generator updates CRDs, webhooks and cluster roles charts, - adds all changes to the changelog + adds all changes to the changelog [go-api-schemas]: https://github.com/aiven/go-api-schemas [service-types]: https://api.aiven.io/doc/#tag/Service/operation/ListPublicServiceTypes diff --git a/docs/docs/installation/helm.md b/docs/docs/installation/helm.md index 46b2ca7f..ac2b650d 100644 --- a/docs/docs/installation/helm.md +++ b/docs/docs/installation/helm.md @@ -4,9 +4,9 @@ linkTitle: "Installing with Helm (recommended)" weight: 10 --- -## Installing +## Installing -The Aiven Operator for Kubernetes can be installed via [Helm](https://helm.sh/). +The Aiven Operator for Kubernetes can be installed via [Helm](https://helm.sh/). Before you start, make sure you have the [prerequisites](prerequisites.md). @@ -23,9 +23,11 @@ helm install aiven-operator-crds aiven/aiven-operator-crds ``` Verify the installation: + ```shell kubectl api-resources --api-group=aiven.io ``` + The output is similar to the following: ```{ .shell .no-copy } @@ -44,7 +46,8 @@ helm install aiven-operator aiven/aiven-operator !!! note Installation will fail if webhooks are enabled and the CRDs for the cert-manager are not installed. -Verify the installation: +Verify the installation: + ```shell helm status aiven-operator ``` @@ -61,6 +64,7 @@ TEST SUITE: None ``` It is also possible to install the operator without webhooks enabled: + ```shell helm install aiven-operator aiven/aiven-operator --set webhooks.enabled=false ``` @@ -70,9 +74,10 @@ helm install aiven-operator aiven/aiven-operator --set webhooks.enabled=false Please refer to the [values.yaml](https://github.com/aiven/aiven-charts/blob/main/charts/aiven-operator/values.yaml) of the chart. #### Installing without full cluster administrator access -There can be some scenarios where the individual installing the Helm chart does not have the ability to provision cluster-wide resources (e.g. ClusterRoles/ClusterRoleBindings). In this scenario, you can have a cluster administrator manually install the [ClusterRole](../../../charts/aiven-operator/templates/cluster_role.yaml) and [ClusterRoleBinding](../../../charts/aiven-operator/templates/cluster_role_binding.yaml) the operator requires prior to installing the Helm chart specifying `false` for the `clusterRole.create` attribute. -## Uninstalling +There can be some scenarios where the individual installing the Helm chart does not have the ability to provision cluster-wide resources (e.g. ClusterRoles/ClusterRoleBindings). In this scenario, you can have a cluster administrator manually install the [ClusterRole](../../../charts/aiven-operator/templates/cluster_role.yaml) and [ClusterRoleBinding](../../../charts/aiven-operator/templates/cluster_role_binding.yaml) the operator requires prior to installing the Helm chart specifying `false` for the `clusterRole.create` attribute. + +## Uninstalling !!! important Please see [this page](uninstalling.md) for more information. @@ -83,12 +88,12 @@ Find out the name of your deployment: helm list ``` -The output has the name of each deployment similar to the following: +The output has the name of each deployment similar to the following: ```{ .shell .no-copy } -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -aiven-operator default 1 2021-09-09 10:56:14.623700249 +0200 CEST deployed aiven-operator-v0.1.0 v0.1.0 -aiven-operator-crds default 1 2021-09-09 10:56:05.736411868 +0200 CEST deployed aiven-operator-crds-v0.1.0 v0.1.0 +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +aiven-operator default 1 2021-09-09 10:56:14.623700249 +0200 CEST deployed aiven-operator-v0.1.0 v0.1.0 +aiven-operator-crds default 1 2021-09-09 10:56:05.736411868 +0200 CEST deployed aiven-operator-crds-v0.1.0 v0.1.0 ``` Remove the CRDs: @@ -114,4 +119,3 @@ The confirmation message is similar to the following: ```{ .shell .no-copy } release "aiven-operator" uninstalled ``` - diff --git a/docs/docs/installation/prerequisites.md b/docs/docs/installation/prerequisites.md index d050f699..020259ff 100644 --- a/docs/docs/installation/prerequisites.md +++ b/docs/docs/installation/prerequisites.md @@ -18,10 +18,9 @@ The Aiven Operator for Kubernetes uses `cert-manager` to configure the [service Please follow the [installation instructions](https://cert-manager.io/docs/installation/helm/) on their website. -!!! note - This is not required in the Helm installation if you select to [disable webhooks](./helm.md), - but that is not recommended outside of playground use. - The Aiven Operator for Kubernetes uses webhooks for setting defaults - and enforcing invariants that are expected by the aiven API and will lead to errors if ignored. +!!! note + This is not required in the Helm installation if you select to [disable webhooks](./helm.md), + but that is not recommended outside of playground use. + The Aiven Operator for Kubernetes uses webhooks for setting defaults + and enforcing invariants that are expected by the aiven API and will lead to errors if ignored. In the future webhooks will also be used for conversion and supporting multiple CRD versions. - diff --git a/docs/docs/resources/cassandra.md b/docs/docs/resources/cassandra.md index 64db687e..45b024c0 100644 --- a/docs/docs/resources/cassandra.md +++ b/docs/docs/resources/cassandra.md @@ -6,12 +6,12 @@ weight: 55 Aiven for Apache Cassandra® is a distributed database designed to handle large volumes of writes. -!!! note +!!! note Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Creating a Cassandra instance -1\. Create a file named `cassandra-sample.yaml`, and add the following content: +1\. Create a file named `cassandra-sample.yaml`, and add the following content: ```yaml apiVersion: aiven.io/v1alpha1 @@ -44,7 +44,7 @@ spec: 2\. Create the service by applying the configuration: ```shell -kubectl apply -f cassandra-sample.yaml +kubectl apply -f cassandra-sample.yaml ``` The output is: @@ -89,7 +89,7 @@ name specified on the `connInfoSecretTarget` field. To view the details of the Secret, use the following command: ```shell -kubectl describe secret cassandra-secret +kubectl describe secret cassandra-secret ``` The output is similar to the following: @@ -161,7 +161,7 @@ spec: kubectl apply -f cassandra-service-user.yaml ``` -The `ServiceUser` resource generates a Secret with connection information. +The `ServiceUser` resource generates a Secret with connection information. 3\. View the details of the Secret using the following command: diff --git a/docs/docs/resources/kafka/connect.md b/docs/docs/resources/kafka/connect.md index 0802372f..1d9c6f21 100644 --- a/docs/docs/resources/kafka/connect.md +++ b/docs/docs/resources/kafka/connect.md @@ -7,6 +7,7 @@ weight: 50 [Aiven for Apache Kafka Connect](https://aiven.io/kafka-connect) is a framework and a runtime for integrating Kafka with other systems. Kafka connectors can either be a source (for pulling data from other systems into Kafka) or sink (for pushing data into other systems from Kafka). This section involves a few different Kubernetes CRDs: + 1. A `KafkaService` service with a `KafkaTopic` 2. A `KafkaConnect` service 3. A `ServiceIntegration` to integrate the `Kafka` and `KafkaConnect` services @@ -14,6 +15,7 @@ This section involves a few different Kubernetes CRDs: 5. A `KafkaConnector` to finally connect the `Kafka` with the `PostgreSQL` ## Creating the resources + Create a file named `kafka-sample-connect.yaml` with the following content: ```yaml @@ -26,7 +28,7 @@ spec: authSecretRef: name: aiven-token key: token - + # outputs the Kafka connection on the `kafka-connection` Secret connInfoSecretTarget: name: kafka-auth @@ -221,9 +223,11 @@ postgresql.aiven.io/pg-connect your-project google-europe-west1 startup-4 NAME SERVICE NAME PROJECT CONNECTOR CLASS STATE TASKS TOTAL TASKS RUNNING kafkaconnector.aiven.io/kafka-connector kafka-sample-connect your-project io.aiven.connect.jdbc.JdbcSinkConnector RUNNING 1 1 ``` + The deployment is finished when all services have the state `RUNNING`. ## Testing + To test the connection integration, let's produce a Kafka message using [kcat](https://github.com/edenhill/kcat) from within the Kubernetes cluster. We will deploy a Pod responsible for crafting a message and sending to the Kafka cluster, using the `kafka-auth` secret generate by the `Kafka` CRD. Create a new file named `kcat-connect.yaml` and add the content below: @@ -304,7 +308,7 @@ spec: name: postgres # "kafka-topic-connect" is the table automatically created by KafkaConnect command: ['psql', '$(DATABASE_URI)', '-c', 'SELECT * from "kafka-topic-connect";'] - + envFrom: - secretRef: name: pg-connection @@ -316,22 +320,23 @@ Apply the file with: kubectl apply -f psql-connect.yaml ``` -After a couple of seconds, inspect its log with this command: +After a couple of seconds, inspect its log with this command: ```shell -kubectl logs psql-connect +kubectl logs psql-connect ``` -The output is similar to the following: +The output is similar to the following: ```{ .shell .no-copy } - text + text ------------- Hello World (1 row) ``` ## Clean up + To clean up all the created resources, use the following command: ```shell @@ -343,4 +348,4 @@ kubectl delete \ -f kafka-connector-connect.yaml \ -f kcat-connect.yaml \ -f psql-connect.yaml -``` \ No newline at end of file +``` diff --git a/docs/docs/resources/kafka/index.md b/docs/docs/resources/kafka/index.md index 25477630..b96f4af1 100644 --- a/docs/docs/resources/kafka/index.md +++ b/docs/docs/resources/kafka/index.md @@ -8,7 +8,7 @@ Aiven for Apache Kafka is an excellent option if you need to run Apache Kafka at you can get up and running with a suitably sized Apache Kafka service in a few minutes. !!! note - Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) + Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Creating a Kafka instance @@ -50,10 +50,10 @@ spec: 2\. Create the following resource on Kubernetes: ```shell -kubectl apply -f kafka-sample.yaml +kubectl apply -f kafka-sample.yaml ``` -3\. Inspect the service created using the command below. +3\. Inspect the service created using the command below. ```shell kubectl get kafka.aiven.io kafka-sample @@ -75,7 +75,7 @@ For your convenience, the operator automatically stores the Kafka connection inf name specified on the `connInfoSecretTarget` field. ```shell -kubectl describe secret kafka-auth +kubectl describe secret kafka-auth ``` The output is similar to the following: @@ -158,7 +158,7 @@ spec: mountPath: "/kafka-auth" # loading the data from the Secret as files in a volume - # useful to access the Kafka certificates + # useful to access the Kafka certificates volumes: - name: kafka-auth secret: @@ -174,7 +174,7 @@ kubectl apply -f kafka-test-connection.yaml Once successfully applied, you have a log with the metadata information about the Kafka cluster. ```shell -kubectl logs kafka-test-connection +kubectl logs kafka-test-connection ``` The output is similar to the following: @@ -189,6 +189,7 @@ Metadata for all topics (from broker -1: ssl://kafka-sample-your-project.aivencl ``` ## Creating a `KafkaTopic` and `KafkaACL` + To properly produce and consume content on Kafka, you need topics and ACLs. The operator supports both with the `KafkaTopic` and `KafkaACL` resources. @@ -325,7 +326,7 @@ spec: mountPath: "/crab-auth" # loading the crab user information from the Secret as files in a volume - # useful to access the Kafka certificates + # useful to access the Kafka certificates volumes: - name: crab-auth secret: @@ -385,7 +386,7 @@ spec: mountPath: /crab-auth # loading the crab user information from the Secret as files in a volume - # useful to access the Kafka certificates + # useful to access the Kafka certificates volumes: - name: crab-auth secret: @@ -418,7 +419,7 @@ kubectl apply -f kafka-crab-consume.yaml kubectl port-forward kafka-crab-consume 8080:8080 ``` -4\. In the browser of your choice, access the [http://localhost:8080]() address. You now see a page with +4\. In the browser of your choice, access the address. You now see a page with the `random-strings` topic listed: ![Kowl graphical interface on the topic listing page](./kowl-topics.png) diff --git a/docs/docs/resources/kafka/schema.md b/docs/docs/resources/kafka/schema.md index f572a804..d0bd273d 100644 --- a/docs/docs/resources/kafka/schema.md +++ b/docs/docs/resources/kafka/schema.md @@ -5,6 +5,7 @@ weight: 40 --- ## Creating a `KafkaSchema` + Aiven develops and maintain [Karapace](https://github.com/aiven/karapace), an open source implementation of Kafka REST and schema registry. Is available out of the box for our managed Kafka service. @@ -43,7 +44,7 @@ spec: 2\. Apply the changes with the following command: ```shell -kubectl apply -f kafka-schema.yaml +kubectl apply -f kafka-schema.yaml ``` Now, let's create the schema itself. @@ -79,7 +80,7 @@ spec: ] } - # sets the schema compatibility level + # sets the schema compatibility level compatibilityLevel: BACKWARD ``` @@ -102,4 +103,4 @@ NAME SERVICE NAME PROJECT SUBJECT COMPATIBILITY LEVEL kafka-schema kafka-sample MySchema BACKWARD 1 ``` -Now you can follow the instructions to [use a schema registry in Java](https://docs.aiven.io/docs/products/kafka/howto/schema-registry) on how to use the schema created. \ No newline at end of file +Now you can follow the instructions to [use a schema registry in Java](https://docs.aiven.io/docs/products/kafka/howto/schema-registry) on how to use the schema created. diff --git a/docs/docs/resources/mysql.md b/docs/docs/resources/mysql.md index 81637b44..a78f1593 100644 --- a/docs/docs/resources/mysql.md +++ b/docs/docs/resources/mysql.md @@ -4,13 +4,13 @@ linkTitle: "MySQL" weight: 46 --- -Aiven for MySQL is a fully managed relational database service, deployable in the cloud of your choice. +Aiven for MySQL is a fully managed relational database service, deployable in the cloud of your choice. > Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Creating a MySQL instance -1\. Create a file named `mysql-sample.yaml`, and add the following content: +1\. Create a file named `mysql-sample.yaml`, and add the following content: ```yaml apiVersion: aiven.io/v1alpha1 @@ -43,7 +43,7 @@ spec: 2\. Create the service by applying the configuration: ```shell -kubectl apply -f mysql-sample.yaml +kubectl apply -f mysql-sample.yaml ``` 3\. Review the resource you created with this command: @@ -74,7 +74,6 @@ Status: The resource will be in the `REBUILDING` state for a few minutes. Once the state changes to `RUNNING`, you can access the resource. - ## Using the connection Secret For your convenience, the operator automatically stores the MySQL connection information in a Secret created with the @@ -83,7 +82,7 @@ name specified on the `connInfoSecretTarget` field. To view the details of the Secret, use the following command: ```shell -kubectl describe secret mysql-secret +kubectl describe secret mysql-secret ``` The output is similar to the following: @@ -156,7 +155,7 @@ spec: kubectl apply -f mysql-service-user.yaml ``` -The `ServiceUser` resource generates a Secret with connection information. +The `ServiceUser` resource generates a Secret with connection information. 3\. View the details of the Secret using [jq](https://github.com/stedolan/jq): @@ -178,4 +177,4 @@ The output is similar to the following: } ``` -You can connect to the MySQL instance using these credentials and the host information from the `mysql-secret` Secret. \ No newline at end of file +You can connect to the MySQL instance using these credentials and the host information from the `mysql-secret` Secret. diff --git a/docs/docs/resources/opensearch.md b/docs/docs/resources/opensearch.md index f65c27c2..99518906 100644 --- a/docs/docs/resources/opensearch.md +++ b/docs/docs/resources/opensearch.md @@ -7,12 +7,12 @@ weight: 45 OpenSearch® is an open source search and analytics suite including search engine, NoSQL document database, and visualization interface. OpenSearch offers a distributed, full-text search engine based on Apache Lucene® with a RESTful API interface and support for JSON documents. !!! note - Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) + Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Creating an OpenSearch instance -1\. Create a file named `os-sample.yaml`, and add the following content: +1\. Create a file named `os-sample.yaml`, and add the following content: ```yaml apiVersion: aiven.io/v1alpha1 @@ -45,7 +45,7 @@ spec: 2\. Create the service by applying the configuration: ```shell -kubectl apply -f os-sample.yaml +kubectl apply -f os-sample.yaml ``` 3\. Review the resource you created with this command: @@ -76,7 +76,6 @@ Status: The resource will be in the `REBUILDING` state for a few minutes. Once the state changes to `RUNNING`, you can access the resource. - ## Using the connection Secret For your convenience, the operator automatically stores the OpenSearch connection information in a Secret created with the @@ -85,7 +84,7 @@ name specified on the `connInfoSecretTarget` field. To view the details of the Secret, use the following command: ```shell -kubectl describe secret os-secret +kubectl describe secret os-secret ``` The output is similar to the following: diff --git a/docs/docs/resources/postgresql.md b/docs/docs/resources/postgresql.md index b6221ba0..a6e2d009 100644 --- a/docs/docs/resources/postgresql.md +++ b/docs/docs/resources/postgresql.md @@ -12,7 +12,7 @@ extender for location queries. Aiven for PostgreSQL is the perfect fit for your With Aiven Kubernetes Operator, you can manage Aiven for PostgreSQL through the well defined Kubernetes API. !!! note - Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/), + Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/), and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Creating a PostgreSQL instance @@ -141,7 +141,7 @@ spec: name: postgres command: [ 'psql', '$(DATABASE_URI)', '-c', 'SELECT version();' ] - # the pg-connection Secret becomes environment variables + # the pg-connection Secret becomes environment variables envFrom: - secretRef: name: pg-connection @@ -156,8 +156,9 @@ kubectl logs psql-test-connection ``` The output is similar to the following: + ```{ .shell .no-copy } - version + version --------------------------------------------------------------------------------------------- PostgreSQL 11.12 on x86_64-pc-linux-gnu, compiled by gcc, a 68c5366192 p 6b9244f01a, 64-bit (1 row) @@ -229,6 +230,7 @@ kubectl get secret pg-service-user-connection -o json | jq '.data | map_values(@ ``` The output has the password and username: + ```{ .json .no-copy } { "PASSWORD": "", @@ -276,9 +278,10 @@ The `ConnectionPool` generates a Secret with the connection info using the name field: ```shell -kubectl get secret pg-connection-pool-connection -o json | jq '.data | map_values(@base64d)' +kubectl get secret pg-connection-pool-connection -o json | jq '.data | map_values(@base64d)' ``` -The output is similar to the following: + +The output is similar to the following: ```{ .json .no-copy } { @@ -294,7 +297,7 @@ The output is similar to the following: ## Creating a PostgreSQL read-only replica -Read-only replicas can be used to reduce the load on the primary service by making read-only queries against the replica service. +Read-only replicas can be used to reduce the load on the primary service by making read-only queries against the replica service. To create a read-only replica for a PostgreSQL service, you create a second PostgreSQL service and use [serviceIntegrations](https://aiven.github.io/aiven-operator/api-reference/postgresql.html#spec.serviceIntegrations) to replicate data from your primary service. @@ -384,12 +387,12 @@ kubectl get postgresqls.aiven.io primary-pg-service The output is similar to the following: ```{ .shell .no-copy } -NAME PROJECT REGION PLAN STATE -primary-pg-service google-europe-west1 startup-4 RUNNING +NAME PROJECT REGION PLAN STATE +primary-pg-service google-europe-west1 startup-4 RUNNING ``` The resource can be in the `BUILDING` state for a few minutes. After the state of the primary service changes to `RUNNING`, the read-only replica is created. You can check the status of the replica using the same command with the name of the replica: ```shell kubectl get postgresqls.aiven.io read-replica-pg -``` \ No newline at end of file +``` diff --git a/docs/docs/resources/project-vpc.md b/docs/docs/resources/project-vpc.md index 43c46084..9c0937a7 100644 --- a/docs/docs/resources/project-vpc.md +++ b/docs/docs/resources/project-vpc.md @@ -11,7 +11,7 @@ directly without going through the public internet. Within the Aiven Kubernetes Operator, you can create a `ProjectVPC` on Aiven's side to connect to your cloud provider. !!! note - Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/), + Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/), and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Creating an Aiven VPC diff --git a/docs/docs/resources/project.md b/docs/docs/resources/project.md index e67ee1f1..c1635520 100644 --- a/docs/docs/resources/project.md +++ b/docs/docs/resources/project.md @@ -5,7 +5,7 @@ weight: 5 --- !!! note - Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) + Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). The `Project` CRD allows you to create Aiven Projects, where your resources can be located. @@ -13,6 +13,7 @@ The `Project` CRD allows you to create Aiven Projects, where your resources can To create a fully working Aiven Project with the Aiven Operator you need a source Aiven Project already created with a working billing configuration, like a credit card. Create a file named `project-sample.yaml` with the following content: + ```yaml apiVersion: aiven.io/v1alpha1 kind: Project @@ -31,6 +32,7 @@ spec: ``` Apply the resource with: + ```shell kubectl apply -f project-sample.yaml ``` @@ -46,4 +48,4 @@ The output is similar to the following: ```{ .shell .no-copy } NAME AGE project-sample 22s -``` \ No newline at end of file +``` diff --git a/docs/docs/resources/redis.md b/docs/docs/resources/redis.md index 61c08f46..6222d861 100644 --- a/docs/docs/resources/redis.md +++ b/docs/docs/resources/redis.md @@ -7,12 +7,12 @@ weight: 50 Aiven for Redis®* is a fully managed in-memory NoSQL database that you can deploy in the cloud of your choice to store and access data quickly and efficiently. !!! note - Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) + Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/) and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Creating a Redis instance -1\. Create a file named `redis-sample.yaml`, and add the following content: +1\. Create a file named `redis-sample.yaml`, and add the following content: ```yaml apiVersion: aiven.io/v1alpha1 @@ -49,7 +49,7 @@ spec: 2\. Create the service by applying the configuration: ```shell -kubectl apply -f redis-sample.yaml +kubectl apply -f redis-sample.yaml ``` 3\. Review the resource you created with this command: @@ -80,7 +80,6 @@ Status: The resource will be in the `REBUILDING` state for a few minutes. Once the state changes to `RUNNING`, you can access the resource. - ## Using the connection Secret For your convenience, the operator automatically stores the Redis connection information in a Secret created with the @@ -89,7 +88,7 @@ name specified on the `connInfoSecretTarget` field. To view the details of the Secret, use the following command: ```shell -kubectl describe secret redis-secret +kubectl describe secret redis-secret ``` The output is similar to the following: diff --git a/docs/docs/resources/service-integrations.md b/docs/docs/resources/service-integrations.md index f239ab3c..03575890 100644 --- a/docs/docs/resources/service-integrations.md +++ b/docs/docs/resources/service-integrations.md @@ -11,7 +11,7 @@ our [Getting Started with Service Integrations guide](https://help.aiven.io/en/a for more information. !!! note - Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/), + Before going through this guide, make sure you have a [Kubernetes cluster](../../installation/prerequisites/) with the [operator installed](../../installation/), and a [Kubernetes Secret with an Aiven authentication token](../../authentication/). ## Send Kafka logs to a Kafka Topic @@ -80,7 +80,7 @@ spec: 2\. Create the resource on Kubernetes: ```shell -kubectl apply -f kafka-sample-topic.yaml +kubectl apply -f kafka-sample-topic.yaml ``` 3\. Now, create a `ServiceIntegration` resource to send the Kafka logs to the created topic. In the same file, add the @@ -116,7 +116,7 @@ spec: 4\. Reapply the resource on Kubernetes: ```shell -kubectl apply -f kafka-sample-topic.yaml +kubectl apply -f kafka-sample-topic.yaml ``` 5\. Let's check the created service integration: @@ -129,7 +129,7 @@ The output is similar to the following: ```{ .shell .no-copy } NAME PROJECT TYPE SOURCE SERVICE NAME DESTINATION SERVICE NAME SOURCE ENDPOINT ID DESTINATION ENDPOINT ID -service-integration-kafka-logs your-project kafka_logs kafka-sample kafka-sample +service-integration-kafka-logs your-project kafka_logs kafka-sample kafka-sample ``` Your Kafka service logs are now being streamed to the `logs` Kafka topic. diff --git a/docs/docs/troubleshooting.md b/docs/docs/troubleshooting.md index d78076b8..f9fdbbe3 100644 --- a/docs/docs/troubleshooting.md +++ b/docs/docs/troubleshooting.md @@ -47,7 +47,7 @@ Use the following command to visualize all the logs from the operator. kubectl logs -n aiven-operator-system -l control-plane=controller-manager ``` -### Verifing the operator version +### Verifying the operator version ```shell kubectl get pod -n aiven-operator-system -l control-plane=controller-manager -o jsonpath="{.items[0].spec.containers[0].image}" diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 6a51dc52..c1d29046 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -1,9 +1,11 @@ +--- # yaml-language-server: $schema=https://squidfunk.github.io/mkdocas-material/schema.json site_name: Aiven Operator copyright: Aiven Team repo_url: https://github.com/aiven/aiven-operator/ site_url: https://aiven.github.io/aiven-operator/ edit_uri: blob/main/docs/docs/ + markdown_extensions: - pymdownx.highlight: anchor_linenums: true @@ -22,9 +24,9 @@ markdown_extensions: - attr_list - toc: permalink: true -plugins: - - search - - offline + +plugins: [search, offline] + theme: name: material logo: assets/logo.svg @@ -38,7 +40,7 @@ theme: - content.action.view palette: # Palette toggle for light mode - - media: "(prefers-color-scheme: light)" + - media: '(prefers-color-scheme: light)' scheme: slate primary: red accent: deep-orange @@ -47,13 +49,14 @@ theme: name: Switch to dark mode # Palette toggle for dark mode - - media: "(prefers-color-scheme: dark)" + - media: '(prefers-color-scheme: dark)' scheme: default primary: deep-orange accent: red toggle: icon: material/brightness-4 name: Switch to light mode + nav: - Home: - index.md diff --git a/generators/userconfigs/generator_test_source.yml b/generators/userconfigs/generator_test_source.yml index a57ba5cc..0f8c20bd 100644 --- a/generators/userconfigs/generator_test_source.yml +++ b/generators/userconfigs/generator_test_source.yml @@ -1,4 +1,6 @@ +--- type: object + properties: additional_backup_regions: title: Additional Cloud Regions for Backup Replication @@ -9,63 +11,58 @@ properties: max_length: 256 pattern: ^[a-z0-9-]+$ example: aws-eu-central-1 - user_error: Must consist of lower-case alpha-numeric characters or dashes + user_error: Must consist of lower-case alphanumeric characters or dashes max_items: 1 admin_password: - title: Custom password for admin user. Defaults to random string. This must be set only when a new service is being created. - type: - - string - - "null" + title: Custom password for admin user. Defaults to random string. This must be + set only when a new service is being created. + type: [string, 'null'] min_length: 8 max_length: 256 create_only: true pattern: ^[a-zA-Z0-9-_]+$ example: z66o9QXqKM - user_error: Must consist of alpha-numeric characters, underscores or dashes + user_error: Must consist of alphanumeric characters, underscores or dashes admin_username: - title: Custom username for admin user. This must be set only when a new service is being created. - type: - - string - - "null" + title: Custom username for admin user. This must be set only when a new service + is being created. + type: [string, 'null'] max_length: 64 create_only: true pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ example: avnadmin - user_error: Must consist of alpha-numeric characters, dots, underscores or dashes, may not start with dash or dot, max 64 characters + user_error: Must consist of alphanumeric characters, dots, underscores or dashes, + may not start with dash or dot, max 64 characters backup_hour: - title: The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed. - type: - - integer - - "null" + title: The hour of day (in UTC) when backup for the service is started. New backup + is only started if previous backup has already completed. + type: [integer, 'null'] minimum: 0 maximum: 23 - example: "3" + example: '3' backup_minute: - title: The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed. - type: - - integer - - "null" + title: The minute of an hour when backup for the service is started. New backup + is only started if previous backup has already completed. + type: [integer, 'null'] minimum: 0 maximum: 59 - example: "30" + example: '30' enable_ipv6: title: Enable IPv6 - description: Register AAAA DNS records for the service, and allow IPv6 packets to service ports + description: Register AAAA DNS records for the service, and allow IPv6 packets + to service ports type: boolean example: true ip_filter: title: IP filter description: Allow incoming connections from CIDR address block, e.g. '10.20.0.0/16' type: array - default: - - 0.0.0.0/0 + default: [0.0.0.0/0] items: - title: CIDR address block, either as a string, or in a dict with an optional description field - type: - - string - - object - required: - - network + title: CIDR address block, either as a string, or in a dict with an optional + description field + type: [string, object] + required: [network] properties: description: title: Description for IP filter list entry @@ -82,12 +79,8 @@ properties: max_items: 1024 migration: title: Migrate data from existing server - type: - - object - - "null" - required: - - host - - port + type: [object, 'null'] + required: [host, port] properties: dbname: title: Database name for bootstrapping the initial connection @@ -100,12 +93,14 @@ properties: max_length: 255 example: my.server.com ignore_dbs: - title: Comma-separated list of databases, which should be ignored during migration (supported by MySQL only at the moment) + title: Comma-separated list of databases, which should be ignored during migration + (supported by MySQL only at the moment) type: string max_length: 2048 example: db1,db2 method: - title: The migration method to be used (currently supported only by Redis and MySQL service types) + title: The migration method to be used (currently supported only by Redis + and MySQL service types) type: string enum: - value: dump @@ -121,13 +116,14 @@ properties: type: integer minimum: 1 maximum: 65535 - example: "1234" + example: '1234' ssl: title: The server where to migrate data from is secured with SSL type: boolean default: true username: - title: User name for authentication with the server where to migrate data from + title: User name for authentication with the server where to migrate data + from type: string max_length: 256 example: myname @@ -137,97 +133,129 @@ properties: properties: autovacuum_analyze_scale_factor: title: autovacuum_analyze_scale_factor - description: Specifies a fraction of the table size to add to autovacuum_analyze_threshold when deciding whether to trigger an ANALYZE. The default is 0.2 (20% of table size) + description: Specifies a fraction of the table size to add to autovacuum_analyze_threshold + when deciding whether to trigger an ANALYZE. The default is 0.2 (20% of + table size) type: number minimum: 0 maximum: 1 autovacuum_analyze_threshold: title: autovacuum_analyze_threshold - description: Specifies the minimum number of inserted, updated or deleted tuples needed to trigger an ANALYZE in any one table. The default is 50 tuples. + description: Specifies the minimum number of inserted, updated or deleted + tuples needed to trigger an ANALYZE in any one table. The default is 50 + tuples. type: integer minimum: 0 maximum: 2147483647 autovacuum_freeze_max_age: title: autovacuum_freeze_max_age - description: Specifies the maximum age (in transactions) that a table's pg_class.relfrozenxid field can attain before a VACUUM operation is forced to prevent transaction ID wraparound within the table. Note that the system will launch autovacuum processes to prevent wraparound even when autovacuum is otherwise disabled. This parameter will cause the server to be restarted. + description: Specifies the maximum age (in transactions) that a table's pg_class.relfrozenxid + field can attain before a VACUUM operation is forced to prevent transaction + ID wraparound within the table. Note that the system will launch autovacuum + processes to prevent wraparound even when autovacuum is otherwise disabled. + This parameter will cause the server to be restarted. type: integer minimum: 200000000 maximum: 1500000000 - example: "200000000" + example: '200000000' autovacuum_max_workers: title: autovacuum_max_workers - description: Specifies the maximum number of autovacuum processes (other than the autovacuum launcher) that may be running at any one time. The default is three. This parameter can only be set at server start. + description: Specifies the maximum number of autovacuum processes (other than + the autovacuum launcher) that may be running at any one time. The default + is three. This parameter can only be set at server start. type: integer minimum: 1 maximum: 20 autovacuum_naptime: title: autovacuum_naptime - description: Specifies the minimum delay between autovacuum runs on any given database. The delay is measured in seconds, and the default is one minute + description: Specifies the minimum delay between autovacuum runs on any given + database. The delay is measured in seconds, and the default is one minute type: integer minimum: 1 maximum: 86400 autovacuum_vacuum_cost_delay: title: autovacuum_vacuum_cost_delay - description: Specifies the cost delay value that will be used in automatic VACUUM operations. If -1 is specified, the regular vacuum_cost_delay value will be used. The default value is 20 milliseconds + description: Specifies the cost delay value that will be used in automatic + VACUUM operations. If -1 is specified, the regular vacuum_cost_delay value + will be used. The default value is 20 milliseconds type: integer minimum: -1 maximum: 100 autovacuum_vacuum_cost_limit: title: autovacuum_vacuum_cost_limit - description: Specifies the cost limit value that will be used in automatic VACUUM operations. If -1 is specified (which is the default), the regular vacuum_cost_limit value will be used. + description: Specifies the cost limit value that will be used in automatic + VACUUM operations. If -1 is specified (which is the default), the regular + vacuum_cost_limit value will be used. type: integer minimum: -1 maximum: 10000 autovacuum_vacuum_scale_factor: title: autovacuum_vacuum_scale_factor - description: Specifies a fraction of the table size to add to autovacuum_vacuum_threshold when deciding whether to trigger a VACUUM. The default is 0.2 (20% of table size) + description: Specifies a fraction of the table size to add to autovacuum_vacuum_threshold + when deciding whether to trigger a VACUUM. The default is 0.2 (20% of table + size) type: number minimum: 0 maximum: 1 autovacuum_vacuum_threshold: title: autovacuum_vacuum_threshold - description: Specifies the minimum number of updated or deleted tuples needed to trigger a VACUUM in any one table. The default is 50 tuples + description: Specifies the minimum number of updated or deleted tuples needed + to trigger a VACUUM in any one table. The default is 50 tuples type: integer minimum: 0 maximum: 2147483647 bgwriter_delay: title: bgwriter_delay - description: Specifies the delay between activity rounds for the background writer in milliseconds. Default is 200. + description: Specifies the delay between activity rounds for the background + writer in milliseconds. Default is 200. type: integer minimum: 10 maximum: 10000 - example: "200" + example: '200' bgwriter_flush_after: title: bgwriter_flush_after - description: Whenever more than bgwriter_flush_after bytes have been written by the background writer, attempt to force the OS to issue these writes to the underlying storage. Specified in kilobytes, default is 512. Setting of 0 disables forced writeback. + description: Whenever more than bgwriter_flush_after bytes have been written + by the background writer, attempt to force the OS to issue these writes + to the underlying storage. Specified in kilobytes, default is 512. Setting + of 0 disables forced writeback. type: integer minimum: 0 maximum: 2048 - example: "512" + example: '512' bgwriter_lru_maxpages: title: bgwriter_lru_maxpages - description: In each round, no more than this many buffers will be written by the background writer. Setting this to zero disables background writing. Default is 100. + description: In each round, no more than this many buffers will be written + by the background writer. Setting this to zero disables background writing. + Default is 100. type: integer minimum: 0 maximum: 1073741823 - example: "100" + example: '100' bgwriter_lru_multiplier: title: bgwriter_lru_multiplier - description: The average recent need for new buffers is multiplied by bgwriter_lru_multiplier to arrive at an estimate of the number that will be needed during the next round, (up to bgwriter_lru_maxpages). 1.0 represents a “just in time” policy of writing exactly the number of buffers predicted to be needed. Larger values provide some cushion against spikes in demand, while smaller values intentionally leave writes to be done by server processes. The default is 2.0. + description: The average recent need for new buffers is multiplied by bgwriter_lru_multiplier + to arrive at an estimate of the number that will be needed during the next + round, (up to bgwriter_lru_maxpages). 1.0 represents a “just in time” policy + of writing exactly the number of buffers predicted to be needed. Larger + values provide some cushion against spikes in demand, while smaller values + intentionally leave writes to be done by server processes. The default is + 2.0. type: number minimum: 0 maximum: 10 - example: "2.0" + example: '2.0' deadlock_timeout: title: deadlock_timeout - description: This is the amount of time, in milliseconds, to wait on a lock before checking to see if there is a deadlock condition. + description: This is the amount of time, in milliseconds, to wait on a lock + before checking to see if there is a deadlock condition. type: integer minimum: 500 maximum: 1800000 - example: "1000" + example: '1000' default_toast_compression: title: default_toast_compression - description: Specifies the default TOAST compression method for values of compressible columns (the default is lz4). + description: Specifies the default TOAST compression method for values of + compressible columns (the default is lz4). type: string enum: - value: lz4 @@ -235,7 +263,8 @@ properties: example: lz4 idle_in_transaction_session_timeout: title: idle_in_transaction_session_timeout - description: Time out sessions with open transactions after this number of milliseconds + description: Time out sessions with open transactions after this number of + milliseconds type: integer minimum: 0 maximum: 604800000 @@ -246,13 +275,17 @@ properties: example: true log_autovacuum_min_duration: title: log_autovacuum_min_duration - description: Causes each action executed by autovacuum to be logged if it ran for at least the specified number of milliseconds. Setting this to zero logs all autovacuum actions. Minus-one (the default) disables logging autovacuum actions. + description: Causes each action executed by autovacuum to be logged if it + ran for at least the specified number of milliseconds. Setting this to zero + logs all autovacuum actions. Minus-one (the default) disables logging autovacuum + actions. type: integer minimum: -1 maximum: 2147483647 log_error_verbosity: title: log_error_verbosity - description: Controls the amount of detail written in the server log for each message that is logged. + description: Controls the amount of detail written in the server log for each + message that is logged. type: string enum: - value: TERSE @@ -260,21 +293,24 @@ properties: - value: VERBOSE log_line_prefix: title: log_line_prefix - description: Choose from one of the available log-formats. These can support popular log analyzers like pgbadger, pganalyze etc. + description: Choose from one of the available log-formats. These can support + popular log analyzers like pgbadger, pganalyze etc. type: string enum: - - value: '''pid=%p,user=%u,db=%d,app=%a,client=%h ''' - - value: '''%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h ''' - - value: '''%m [%p] %q[user=%u,db=%d,app=%a] ''' + - value: "'pid=%p,user=%u,db=%d,app=%a,client=%h '" + - value: "'%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '" + - value: "'%m [%p] %q[user=%u,db=%d,app=%a] '" log_min_duration_statement: title: log_min_duration_statement - description: Log statements that take more than this number of milliseconds to run, -1 disables + description: Log statements that take more than this number of milliseconds + to run, -1 disables type: integer minimum: -1 maximum: 86400000 log_temp_files: title: log_temp_files - description: Log statements for each temporary file created larger than this number of kilobytes, -1 disables + description: Log statements for each temporary file created larger than this + number of kilobytes, -1 disables type: integer minimum: -1 maximum: 2147483647 @@ -292,19 +328,22 @@ properties: maximum: 6400 max_logical_replication_workers: title: max_logical_replication_workers - description: PostgreSQL maximum logical replication workers (taken from the pool of max_parallel_workers) + description: PostgreSQL maximum logical replication workers (taken from the + pool of max_parallel_workers) type: integer minimum: 4 maximum: 64 max_parallel_workers: title: max_parallel_workers - description: Sets the maximum number of workers that the system can support for parallel queries + description: Sets the maximum number of workers that the system can support + for parallel queries type: integer minimum: 0 maximum: 96 max_parallel_workers_per_gather: title: max_parallel_workers_per_gather - description: Sets the maximum number of workers that can be started by a single Gather or Gather Merge node + description: Sets the maximum number of workers that can be started by a single + Gather or Gather Merge node type: integer minimum: 0 maximum: 96 @@ -328,7 +367,9 @@ properties: maximum: 64 max_slot_wal_keep_size: title: max_slot_wal_keep_size - description: PostgreSQL maximum WAL size (MB) reserved for replication slots. Default is -1 (unlimited). wal_keep_size minimum WAL size setting takes precedence over this. + description: PostgreSQL maximum WAL size (MB) reserved for replication slots. + Default is -1 (unlimited). wal_keep_size minimum WAL size setting takes + precedence over this. type: integer minimum: -1 maximum: 2147483647 @@ -358,7 +399,8 @@ properties: maximum: 64 max_worker_processes: title: max_worker_processes - description: Sets the maximum number of background processes that the system can support + description: Sets the maximum number of background processes that the system + can support type: integer minimum: 8 maximum: 96 @@ -368,15 +410,17 @@ properties: type: integer minimum: 3600 maximum: 604800 - example: "3600" + example: '3600' pg_partman_bgw.role: title: pg_partman_bgw.role - description: Controls which role to use for pg_partman's scheduled background tasks. + description: Controls which role to use for pg_partman's scheduled background + tasks. type: string max_length: 64 pattern: ^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$ example: myrolename - user_error: Must consist of alpha-numeric characters, dots, underscores or dashes, may not start with dash or dot, max 64 characters + user_error: Must consist of alphanumeric characters, dots, underscores or + dashes, may not start with dash or dot, max 64 characters pg_stat_monitor.pgsm_enable_query_plan: title: pg_stat_monitor.pgsm_enable_query_plan description: Enables or disables query plan monitoring @@ -388,12 +432,14 @@ properties: type: integer minimum: 1 maximum: 10 - example: "10" + example: '10' pg_stat_statements.track: title: pg_stat_statements.track - description: Controls which statements are counted. Specify top to track top-level statements (those issued directly by clients), all to also track nested statements (such as statements invoked within functions), or none to disable statement statistics collection. The default value is top. - type: - - string + description: Controls which statements are counted. Specify top to track top-level + statements (those issued directly by clients), all to also track nested + statements (such as statements invoked within functions), or none to disable + statement statistics collection. The default value is top. + type: [string] enum: - value: all - value: top @@ -404,7 +450,7 @@ properties: type: integer minimum: -1 maximum: 2147483647 - example: "5000000" + example: '5000000' timezone: title: timezone description: PostgreSQL service timezone @@ -413,19 +459,20 @@ properties: example: Europe/Helsinki track_activity_query_size: title: track_activity_query_size - description: Specifies the number of bytes reserved to track the currently executing command for each active session. + description: Specifies the number of bytes reserved to track the currently + executing command for each active session. type: integer minimum: 1024 maximum: 10240 - example: "1024" + example: '1024' track_commit_timestamp: title: track_commit_timestamp description: Record commit time of transactions. type: string enum: - - value: "off" - - value: "on" - example: "off" + - value: 'off' + - value: 'on' + example: 'off' track_functions: title: track_functions description: Enables tracking of function call counts and time used. @@ -436,74 +483,80 @@ properties: - value: none track_io_timing: title: track_io_timing - description: Enables timing of database I/O calls. This parameter is off by default, because it will repeatedly query the operating system for the current time, which may cause significant overhead on some platforms. + description: Enables timing of database I/O calls. This parameter is off by + default, because it will repeatedly query the operating system for the current + time, which may cause significant overhead on some platforms. type: string enum: - - value: "off" - - value: "on" - example: "off" + - value: 'off' + - value: 'on' + example: 'off' wal_sender_timeout: title: wal_sender_timeout - description: Terminate replication connections that are inactive for longer than this amount of time, in milliseconds. Setting this value to zero disables the timeout. + description: Terminate replication connections that are inactive for longer + than this amount of time, in milliseconds. Setting this value to zero disables + the timeout. type: integer - example: "60000" + example: '60000' user_error: Must be either 0 or between 5000 and 10800000. wal_writer_delay: title: wal_writer_delay - description: WAL flush interval in milliseconds. Note that setting this value to lower than the default 200ms may negatively impact performance + description: WAL flush interval in milliseconds. Note that setting this value + to lower than the default 200ms may negatively impact performance type: integer minimum: 10 maximum: 200 - example: "50" + example: '50' pg_read_replica: - title: Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead). - description: This setting is deprecated. Use read_replica service integration instead. - type: - - boolean - - "null" + title: Should the service which is being forked be a read replica (deprecated, + use read_replica service integration instead). + description: This setting is deprecated. Use read_replica service integration + instead. + type: [boolean, 'null'] example: true pg_service_to_fork_from: - title: Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created. - type: - - string - - "null" + title: Name of the PG Service from which to fork (deprecated, use service_to_fork_from). + This has effect only when a new service is being created. + type: [string, 'null'] max_length: 64 create_only: true example: anotherservicename pg_stat_monitor_enable: title: Enable pg_stat_monitor extension if available for the current cluster - description: Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable + description: Enable the pg_stat_monitor extension. Enabling this extension will + cause the cluster to be restarted.When this extension is enabled, pg_stat_statements + results for utility commands are unreliable type: boolean default: false pg_version: title: PostgreSQL major version - type: - - string - - "null" + type: [string, 'null'] enum: - is_deprecated: true deprecation_notice: This value is deprecated. - value: "10" - - value: "11" - - value: "12" - - value: "13" - - value: "14" + value: '10' + - value: '11' + - value: '12' + - value: '13' + - value: '14' pgbouncer: title: PGBouncer connection pooling settings type: object properties: autodb_idle_timeout: - title: If the automatically created database pools have been unused this many seconds, they are freed. If 0 then timeout is disabled. [seconds] + title: If the automatically created database pools have been unused this many + seconds, they are freed. If 0 then timeout is disabled. [seconds] type: integer minimum: 0 maximum: 86400 - example: "3600" + example: '3600' autodb_max_db_connections: - title: Do not allow more than this many server connections per database (regardless of user). Setting it to 0 means unlimited. + title: Do not allow more than this many server connections per database (regardless + of user). Setting it to 0 means unlimited. type: integer minimum: 0 maximum: 2147483647 - example: "0" + example: '0' autodb_pool_mode: title: PGBouncer pool mode type: string @@ -513,11 +566,12 @@ properties: - value: statement example: session autodb_pool_size: - title: If non-zero then create automatically a pool of that size per user when a pool doesn't exist. + title: If non-zero then create automatically a pool of that size per user + when a pool doesn't exist. type: integer minimum: 0 maximum: 10000 - example: "0" + example: '0' ignore_startup_parameters: title: List of parameters to ignore when given in startup packet type: array @@ -528,27 +582,29 @@ properties: - value: extra_float_digits - value: search_path max_items: 32 - example: - - extra_float_digits - - search_path + example: [extra_float_digits, search_path] min_pool_size: - title: Add more server connections to pool if below this number. Improves behavior when usual load comes suddenly back after period of total inactivity. The value is effectively capped at the pool size. + title: Add more server connections to pool if below this number. Improves + behavior when usual load comes suddenly back after period of total inactivity. + The value is effectively capped at the pool size. type: integer minimum: 0 maximum: 10000 - example: "0" + example: '0' server_idle_timeout: - title: If a server connection has been idle more than this many seconds it will be dropped. If 0 then timeout is disabled. [seconds] + title: If a server connection has been idle more than this many seconds it + will be dropped. If 0 then timeout is disabled. [seconds] type: integer minimum: 0 maximum: 86400 - example: "600" + example: '600' server_lifetime: - title: The pooler will close an unused server connection that has been connected longer than this. [seconds] + title: The pooler will close an unused server connection that has been connected + longer than this. [seconds] type: integer minimum: 60 maximum: 86400 - example: "3600" + example: '3600' server_reset_query_always: title: Run server_reset_query (DISCARD ALL) in all pooling modes type: boolean @@ -557,13 +613,14 @@ properties: title: PGLookout settings type: object default: - max_failover_replication_time_lag: "60" + max_failover_replication_time_lag: '60' properties: max_failover_replication_time_lag: title: max_failover_replication_time_lag - description: Number of seconds of master unavailability before triggering database failover to standby + description: Number of seconds of master unavailability before triggering + database failover to standby type: integer - default: "60" + default: '60' minimum: 10 maximum: 9223372036854775807 private_access: @@ -571,15 +628,21 @@ properties: type: object properties: pg: - title: Allow clients to connect to pg with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations + title: Allow clients to connect to pg with a DNS name that always resolves + to the service's private IP addresses. Only available in certain network + locations type: boolean example: true pgbouncer: - title: Allow clients to connect to pgbouncer with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations + title: Allow clients to connect to pgbouncer with a DNS name that always resolves + to the service's private IP addresses. Only available in certain network + locations type: boolean example: true prometheus: - title: Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations + title: Allow clients to connect to prometheus with a DNS name that always + resolves to the service's private IP addresses. Only available in certain + network locations type: boolean example: true privatelink_access: @@ -599,10 +662,9 @@ properties: type: boolean example: true project_to_fork_from: - title: Name of another project to fork a service from. This has effect only when a new service is being created. - type: - - string - - "null" + title: Name of another project to fork a service from. This has effect only when + a new service is being created. + type: [string, 'null'] max_length: 63 create_only: true example: anotherprojectname @@ -611,76 +673,84 @@ properties: type: object properties: pg: - title: Allow clients to connect to pg from the public internet for service nodes that are in a project VPC or another type of private network + title: Allow clients to connect to pg from the public internet for service + nodes that are in a project VPC or another type of private network type: boolean example: true pgbouncer: - title: Allow clients to connect to pgbouncer from the public internet for service nodes that are in a project VPC or another type of private network + title: Allow clients to connect to pgbouncer from the public internet for + service nodes that are in a project VPC or another type of private network type: boolean example: true prometheus: - title: Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network + title: Allow clients to connect to prometheus from the public internet for + service nodes that are in a project VPC or another type of private network type: boolean example: true recovery_target_time: - title: Recovery target time when forking a service. This has effect only when a new service is being created. - type: - - string - - "null" + title: Recovery target time when forking a service. This has effect only when + a new service is being created. + type: [string, 'null'] max_length: 32 create_only: true - example: "2019-01-01 23:34:45" + example: '2019-01-01 23:34:45' service_to_fork_from: - title: Name of another service to fork from. This has effect only when a new service is being created. - type: - - string - - "null" + title: Name of another service to fork from. This has effect only when a new service + is being created. + type: [string, 'null'] max_length: 64 create_only: true example: anotherservicename shared_buffers_percentage: title: shared_buffers_percentage - description: Percentage of total RAM that the database server uses for shared memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. This setting adjusts the shared_buffers configuration value. + description: Percentage of total RAM that the database server uses for shared + memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. + This setting adjusts the shared_buffers configuration value. type: number minimum: 20 maximum: 60 - example: "41.5" + example: '41.5' static_ips: title: Static IP addresses description: Use static public IP addresses type: boolean example: true synchronous_replication: - title: Synchronous replication type. Note that the service plan also needs to support synchronous replication. + title: Synchronous replication type. Note that the service plan also needs to + support synchronous replication. type: string enum: - value: quorum - - value: "off" - example: "off" + - value: 'off' + example: 'off' timescaledb: title: TimescaleDB extension configuration values type: object properties: max_background_workers: title: timescaledb.max_background_workers - description: The number of background workers for timescaledb operations. You should configure this setting to the sum of your number of databases and the total number of concurrent background workers you want running at any given point in time. + description: The number of background workers for timescaledb operations. + You should configure this setting to the sum of your number of databases + and the total number of concurrent background workers you want running at + any given point in time. type: integer minimum: 1 maximum: 4096 - example: "8" + example: '8' variant: - title: Variant of the PostgreSQL service, may affect the features that are exposed by default - type: - - string - - "null" + title: Variant of the PostgreSQL service, may affect the features that are exposed + by default + type: [string, 'null'] enum: - value: aiven - value: timescale example: aiven work_mem: title: work_mem - description: Sets the maximum amount of memory to be used by a query operation (such as a sort or hash table) before writing to temporary disk files, in MB. Default is 1MB + 0.075% of total RAM (up to 32MB). + description: Sets the maximum amount of memory to be used by a query operation + (such as a sort or hash table) before writing to temporary disk files, in MB. + Default is 1MB + 0.075% of total RAM (up to 32MB). type: integer minimum: 1 maximum: 1024 - example: "4" + example: '4' diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt index 736e4ad4..66d145b0 100644 --- a/hack/boilerplate.go.txt +++ b/hack/boilerplate.go.txt @@ -1 +1 @@ -// Copyright (c) 2022 Aiven, Helsinki, Finland. https://aiven.io/ \ No newline at end of file +// Copyright (c) 2022 Aiven, Helsinki, Finland. https://aiven.io/ diff --git a/test/e2e/cassandra/cassandra-simple-cluster/00-secret.yaml b/test/e2e/cassandra/cassandra-simple-cluster/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/cassandra/cassandra-simple-cluster/00-secret.yaml +++ b/test/e2e/cassandra/cassandra-simple-cluster/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/cassandra/cassandra-simple-cluster/01-cassandra.yaml b/test/e2e/cassandra/cassandra-simple-cluster/01-cassandra.yaml index c4f96e49..33fa51be 100644 --- a/test/e2e/cassandra/cassandra-simple-cluster/01-cassandra.yaml +++ b/test/e2e/cassandra/cassandra-simple-cluster/01-cassandra.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Cassandra + metadata: name: k8s-e2e-cassandra-simple + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/cassandra/cassandra-simple-cluster/02-check.yaml b/test/e2e/cassandra/cassandra-simple-cluster/02-check.yaml index f5132d4c..ec6a55a5 100644 --- a/test/e2e/cassandra/cassandra-simple-cluster/02-check.yaml +++ b/test/e2e/cassandra/cassandra-simple-cluster/02-check.yaml @@ -1,8 +1,10 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-cassandra-simple --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: |- + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-cassandra-simple --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/cassandra/cassandra-simple-cluster/03-delete.yaml b/test/e2e/cassandra/cassandra-simple-cluster/03-delete.yaml index 788c3664..1056275c 100644 --- a/test/e2e/cassandra/cassandra-simple-cluster/03-delete.yaml +++ b/test/e2e/cassandra/cassandra-simple-cluster/03-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Cassandra diff --git a/test/e2e/clickhouse/clickhouse-simple-cluster/00-secret.yaml b/test/e2e/clickhouse/clickhouse-simple-cluster/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/clickhouse/clickhouse-simple-cluster/00-secret.yaml +++ b/test/e2e/clickhouse/clickhouse-simple-cluster/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/clickhouse/clickhouse-simple-cluster/01-clickhouse.yaml b/test/e2e/clickhouse/clickhouse-simple-cluster/01-clickhouse.yaml index 557614b1..441f69dc 100644 --- a/test/e2e/clickhouse/clickhouse-simple-cluster/01-clickhouse.yaml +++ b/test/e2e/clickhouse/clickhouse-simple-cluster/01-clickhouse.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Clickhouse + metadata: name: k8s-e2e-test-ch-sample + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/clickhouse/clickhouse-simple-cluster/02-check.yaml b/test/e2e/clickhouse/clickhouse-simple-cluster/02-check.yaml index 16f9f2c9..1bc15c95 100644 --- a/test/e2e/clickhouse/clickhouse-simple-cluster/02-check.yaml +++ b/test/e2e/clickhouse/clickhouse-simple-cluster/02-check.yaml @@ -1,8 +1,10 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-test-ch-sample --project aiven-ci-kubernetes-operator; - do - sleep 10 - done \ No newline at end of file + - script: |- + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-test-ch-sample --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/clickhouse/clickhouse-simple-cluster/03-delete.yaml b/test/e2e/clickhouse/clickhouse-simple-cluster/03-delete.yaml index f12ae024..e5bf28e1 100644 --- a/test/e2e/clickhouse/clickhouse-simple-cluster/03-delete.yaml +++ b/test/e2e/clickhouse/clickhouse-simple-cluster/03-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Clickhouse diff --git a/test/e2e/grafana/grafana-simple-cluster/00-secret.yaml b/test/e2e/grafana/grafana-simple-cluster/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/grafana/grafana-simple-cluster/00-secret.yaml +++ b/test/e2e/grafana/grafana-simple-cluster/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/grafana/grafana-simple-cluster/01-grafana.yaml b/test/e2e/grafana/grafana-simple-cluster/01-grafana.yaml index ce8da1bf..5f1a6717 100644 --- a/test/e2e/grafana/grafana-simple-cluster/01-grafana.yaml +++ b/test/e2e/grafana/grafana-simple-cluster/01-grafana.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Grafana + metadata: name: k8s-e2e-grafana-simple + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/grafana/grafana-simple-cluster/02-check.yaml b/test/e2e/grafana/grafana-simple-cluster/02-check.yaml index 71cdd6a5..8e972a4b 100644 --- a/test/e2e/grafana/grafana-simple-cluster/02-check.yaml +++ b/test/e2e/grafana/grafana-simple-cluster/02-check.yaml @@ -1,8 +1,10 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-grafana-simple --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: |- + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-grafana-simple --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/grafana/grafana-simple-cluster/03-delete.yaml b/test/e2e/grafana/grafana-simple-cluster/03-delete.yaml index 753586f5..f2f43892 100644 --- a/test/e2e/grafana/grafana-simple-cluster/03-delete.yaml +++ b/test/e2e/grafana/grafana-simple-cluster/03-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Grafana diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/00-secret.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/00-secret.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka-topic.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka-topic.yaml index 573c47c2..df840907 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka-topic.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka-topic.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaTopic + metadata: name: k8s-test-kafka-connector-connect-kafka-to-postgres-topic + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka.yaml index 637e50eb..2cb100f6 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/01-kafka.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: k8s-test-kafka-connector-connect-kafka-to-postgres-kafka + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/01-postgres.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/01-postgres.yaml index b235e832..d2287e87 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/01-postgres.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/01-postgres.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: PostgreSQL + metadata: name: k8s-test-kafka-connector-connect-kafka-to-postgres-pg + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/02-check-services-running.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/02-check-services-running.yaml index 60262657..0be70eb0 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/02-check-services-running.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/02-check-services-running.yaml @@ -1,22 +1,24 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-kafka - while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-pg - while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-kafka - TOPIC=k8s-test-kafka-connector-connect-kafka-to-postgres-topic - while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: | + SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-kafka + while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: | + SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-pg + while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: |- + SERVICE=k8s-test-kafka-connector-connect-kafka-to-postgres-kafka + TOPIC=k8s-test-kafka-connector-connect-kafka-to-postgres-topic + while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/03-connector.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/03-connector.yaml index c81f50e9..611d06fe 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/03-connector.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/03-connector.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaConnector + metadata: name: k8s-test-kafka-connector-connect-kafka-to-postgres-connector + spec: authSecretRef: name: aiven-token @@ -14,11 +17,12 @@ spec: connectorClass: io.aiven.connect.jdbc.JdbcSinkConnector userConfig: - auto.create: "true" - connection.url: 'jdbc:postgresql://{{ fromSecret "pg-secret" "PGHOST"}}:{{ fromSecret "pg-secret" "PGPORT" }}/{{ fromSecret "pg-secret" "PGDATABASE" }}' + auto.create: 'true' + connection.url: jdbc:postgresql://{{ fromSecret "pg-secret" "PGHOST"}}:{{ fromSecret + "pg-secret" "PGPORT" }}/{{ fromSecret "pg-secret" "PGDATABASE" }} connection.user: '{{ fromSecret "pg-secret" "PGUSER" }}' connection.password: '{{ fromSecret "pg-secret" "PGPASSWORD" }}' topics: k8s-test-kafka-connector-connect-kafka-to-postgres-topic key.converter: org.apache.kafka.connect.json.JsonConverter value.converter: org.apache.kafka.connect.json.JsonConverter - value.converter.schemas.enable: "true" + value.converter.schemas.enable: 'true' diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/04-write-and-receive.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/04-write-and-receive.yaml index 113b6d48..24920b3a 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/04-write-and-receive.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/04-write-and-receive.yaml @@ -1,48 +1,48 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep commands: # produce the message -- script: | - mkdir -p /tmp/kafkacat - trap 'rm -rf /tmp/kafkacat' EXIT + - script: | + mkdir -p /tmp/kafkacat + trap 'rm -rf /tmp/kafkacat' EXIT - kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.CA_CERT -r | base64 -w0 -d >> /tmp/kafkacat/ca.crt - kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_CERT -r | base64 -w0 -d >> /tmp/kafkacat/service.crt - kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_KEY -r | base64 -w0 -d >> /tmp/kafkacat/service.key + kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.CA_CERT -r | base64 -w0 -d >> /tmp/kafkacat/ca.crt + kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_CERT -r | base64 -w0 -d >> /tmp/kafkacat/service.crt + kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_KEY -r | base64 -w0 -d >> /tmp/kafkacat/service.key - HOST=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.HOST -r | base64 -d) - PORT=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.PORT -r | base64 -d) - TOPIC=k8s-test-kafka-connector-connect-kafka-to-postgres-topic + HOST=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.HOST -r | base64 -d) + PORT=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.PORT -r | base64 -d) + TOPIC=k8s-test-kafka-connector-connect-kafka-to-postgres-topic - cat <> /tmp/kafkacat/msg - { - "schema": { - "type": "struct", - "fields": [ - { "field": "text", "type": "string", "optional": false } - ] - }, - "payload": { - "text": "Hello World" + cat <> /tmp/kafkacat/msg + { + "schema": { + "type": "struct", + "fields": [ + { "field": "text", "type": "string", "optional": false } + ] + }, + "payload": { + "text": "Hello World" + } } - } - EOF - - kcat \ - -b $HOST:$PORT \ - -X security.protocol=SSL \ - -X ssl.ca.location=/tmp/kafkacat/ca.crt \ - -X ssl.certificate.location=/tmp/kafkacat/service.crt \ - -X ssl.key.location=/tmp/kafkacat/service.key \ - -P -t $TOPIC /tmp/kafkacat/msg + EOF -# check that the connector wrote the message -- script: | - URI=$(kubectl --namespace $NAMESPACE get secret pg-secret -ojson | jq .data.DATABASE_URI -r | base64 -d) - TABLE=k8s-test-kafka-connector-connect-kafka-to-postgres-topic + kcat \ + -b $HOST:$PORT \ + -X security.protocol=SSL \ + -X ssl.ca.location=/tmp/kafkacat/ca.crt \ + -X ssl.certificate.location=/tmp/kafkacat/service.crt \ + -X ssl.key.location=/tmp/kafkacat/service.key \ + -P -t $TOPIC /tmp/kafkacat/msg - while ! psql $URI -qtAX -c "SELECT text FROM \"$TABLE\"" == "Hello World" - do - sleep 10 - done +# check that the connector wrote the message + - script: |- + URI=$(kubectl --namespace $NAMESPACE get secret pg-secret -ojson | jq .data.DATABASE_URI -r | base64 -d) + TABLE=k8s-test-kafka-connector-connect-kafka-to-postgres-topic + while ! psql $URI -qtAX -c "SELECT text FROM \"$TABLE\"" == "Hello World" + do + sleep 10 + done diff --git a/test/e2e/kafka-connector/connect-kafka-to-postgres/05-delete.yaml b/test/e2e/kafka-connector/connect-kafka-to-postgres/05-delete.yaml index be103213..a3ce76e4 100644 --- a/test/e2e/kafka-connector/connect-kafka-to-postgres/05-delete.yaml +++ b/test/e2e/kafka-connector/connect-kafka-to-postgres/05-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: PostgreSQL diff --git a/test/e2e/kafka-topic/simple-kafka-topic/00-secret.yaml b/test/e2e/kafka-topic/simple-kafka-topic/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/kafka-topic/simple-kafka-topic/00-secret.yaml +++ b/test/e2e/kafka-topic/simple-kafka-topic/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic-acl.yaml b/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic-acl.yaml index 896da6b5..28c8aaff 100644 --- a/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic-acl.yaml +++ b/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic-acl.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaACL + metadata: name: k8s-test-kafka-topic-simple-kafka-topic-acl + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic.yaml b/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic.yaml index c2702ec8..45a0fb54 100644 --- a/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic.yaml +++ b/test/e2e/kafka-topic/simple-kafka-topic/01-kafka-topic.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaTopic + metadata: name: k8s-test-kafka-topic-simple-kafka-topic-topic + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/kafka-topic/simple-kafka-topic/01-kafka.yaml b/test/e2e/kafka-topic/simple-kafka-topic/01-kafka.yaml index 112781b2..5cb050a0 100644 --- a/test/e2e/kafka-topic/simple-kafka-topic/01-kafka.yaml +++ b/test/e2e/kafka-topic/simple-kafka-topic/01-kafka.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: k8s-test-kafka-topic-simple-kafka-topic-kafka + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/kafka-topic/simple-kafka-topic/02-check-services-running.yaml b/test/e2e/kafka-topic/simple-kafka-topic/02-check-services-running.yaml index ff036986..979d71cb 100644 --- a/test/e2e/kafka-topic/simple-kafka-topic/02-check-services-running.yaml +++ b/test/e2e/kafka-topic/simple-kafka-topic/02-check-services-running.yaml @@ -1,20 +1,22 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka - while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka - TOPIC=k8s-test-kafka-topic-simple-kafka-topic-topic - while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | + - script: | + SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka + while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: | + SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka + TOPIC=k8s-test-kafka-topic-simple-kafka-topic-topic + while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: |- SERVICE=k8s-test-kafka-topic-simple-kafka-topic-kafka ACLTARGET=k8s-test-kafka-topic-simple-kafka-topic-topic while ! ( avn --auth-token $AIVEN_TOKEN service acl-list $SERVICE --project aiven-ci-kubernetes-operator | grep -q $ACLTARGET ); diff --git a/test/e2e/kafka-topic/simple-kafka-topic/03-delete.yaml b/test/e2e/kafka-topic/simple-kafka-topic/03-delete.yaml index 33db2546..caaca4a7 100644 --- a/test/e2e/kafka-topic/simple-kafka-topic/03-delete.yaml +++ b/test/e2e/kafka-topic/simple-kafka-topic/03-delete.yaml @@ -1,6 +1,8 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Kafka - name: k8s-test-kafka-topic-simple-kafka-topic-topic \ No newline at end of file + name: k8s-test-kafka-topic-simple-kafka-topic-topic diff --git a/test/e2e/kafka/kafka-simple-cluster/00-secret.yaml b/test/e2e/kafka/kafka-simple-cluster/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/kafka/kafka-simple-cluster/00-secret.yaml +++ b/test/e2e/kafka/kafka-simple-cluster/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/kafka/kafka-simple-cluster/01-kafka.yaml b/test/e2e/kafka/kafka-simple-cluster/01-kafka.yaml index 8a8ae032..e2a82029 100644 --- a/test/e2e/kafka/kafka-simple-cluster/01-kafka.yaml +++ b/test/e2e/kafka/kafka-simple-cluster/01-kafka.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: k8s-e2e-kafka-simple + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/kafka/kafka-simple-cluster/02-check.yaml b/test/e2e/kafka/kafka-simple-cluster/02-check.yaml index 65ad105f..03f7d1a9 100644 --- a/test/e2e/kafka/kafka-simple-cluster/02-check.yaml +++ b/test/e2e/kafka/kafka-simple-cluster/02-check.yaml @@ -1,8 +1,10 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-kafka-simple --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: |- + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-kafka-simple --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/kafka/kafka-simple-cluster/03-delete.yaml b/test/e2e/kafka/kafka-simple-cluster/03-delete.yaml index ef0ee558..df343e6c 100644 --- a/test/e2e/kafka/kafka-simple-cluster/03-delete.yaml +++ b/test/e2e/kafka/kafka-simple-cluster/03-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Kafka diff --git a/test/e2e/kuttl-test.preinstalled.yaml b/test/e2e/kuttl-test.preinstalled.yaml index efb55854..3e7bd35e 100644 --- a/test/e2e/kuttl-test.preinstalled.yaml +++ b/test/e2e/kuttl-test.preinstalled.yaml @@ -1,16 +1,19 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestSuite timeout: 600 + testDirs: -- test/e2e/kafka -- test/e2e/kafka-topic -- test/e2e/kafka-connector -- test/e2e/redis -- test/e2e/opensearch -- test/e2e/clickhouse -- test/e2e/projectvpc -- test/e2e/service-integration -- test/e2e/mysql -- test/e2e/cassandra -- test/e2e/grafana + - test/e2e/kafka + - test/e2e/kafka-topic + - test/e2e/kafka-connector + - test/e2e/redis + - test/e2e/opensearch + - test/e2e/clickhouse + - test/e2e/projectvpc + - test/e2e/service-integration + - test/e2e/mysql + - test/e2e/cassandra + - test/e2e/grafana + blockOnNamespaceDelete: true diff --git a/test/e2e/kuttl-test.yaml b/test/e2e/kuttl-test.yaml index e71e5d03..1042448e 100644 --- a/test/e2e/kuttl-test.yaml +++ b/test/e2e/kuttl-test.yaml @@ -1,21 +1,25 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestSuite timeout: 9999 startKIND: true crdDir: config/crd/bases + testDirs: -- test/e2e/kafka -- test/e2e/kafka-topic -- test/e2e/kafka-connector -- test/e2e/redis -- test/e2e/opensearch -- test/e2e/clickhouse -- test/e2e/projectvpc -- test/e2e/service-integration -- test/e2e/mysql -- test/e2e/cassandra -- test/e2e/grafana + - test/e2e/kafka + - test/e2e/kafka-topic + - test/e2e/kafka-connector + - test/e2e/redis + - test/e2e/opensearch + - test/e2e/clickhouse + - test/e2e/projectvpc + - test/e2e/service-integration + - test/e2e/mysql + - test/e2e/cassandra + - test/e2e/grafana + commands: -- script: ENABLE_WEBHOOKS=false ./bin/manager --metrics-bind-address=0 --health-probe-bind-address=0 - background: true + - script: ENABLE_WEBHOOKS=false ./bin/manager --metrics-bind-address=0 --health-probe-bind-address=0 + background: true + blockOnNamespaceDelete: false diff --git a/test/e2e/mysql/mysql-simple-cluster/00-secret.yaml b/test/e2e/mysql/mysql-simple-cluster/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/mysql/mysql-simple-cluster/00-secret.yaml +++ b/test/e2e/mysql/mysql-simple-cluster/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/mysql/mysql-simple-cluster/01-mysql.yaml b/test/e2e/mysql/mysql-simple-cluster/01-mysql.yaml index 2b1473d4..938692f9 100644 --- a/test/e2e/mysql/mysql-simple-cluster/01-mysql.yaml +++ b/test/e2e/mysql/mysql-simple-cluster/01-mysql.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: MySQL + metadata: name: k8s-e2e-mysql-simple + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/mysql/mysql-simple-cluster/02-check.yaml b/test/e2e/mysql/mysql-simple-cluster/02-check.yaml index acf4651e..801c578c 100644 --- a/test/e2e/mysql/mysql-simple-cluster/02-check.yaml +++ b/test/e2e/mysql/mysql-simple-cluster/02-check.yaml @@ -1,8 +1,10 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-mysql-simple --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: |- + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-mysql-simple --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/mysql/mysql-simple-cluster/03-delete.yaml b/test/e2e/mysql/mysql-simple-cluster/03-delete.yaml index 92d742ba..95aa2eb3 100644 --- a/test/e2e/mysql/mysql-simple-cluster/03-delete.yaml +++ b/test/e2e/mysql/mysql-simple-cluster/03-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: MySQL diff --git a/test/e2e/opensearch/opensearch-simple-cluster/00-secret.yaml b/test/e2e/opensearch/opensearch-simple-cluster/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/opensearch/opensearch-simple-cluster/00-secret.yaml +++ b/test/e2e/opensearch/opensearch-simple-cluster/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/opensearch/opensearch-simple-cluster/01-opensearch.yaml b/test/e2e/opensearch/opensearch-simple-cluster/01-opensearch.yaml index dea8a8ca..7eb52864 100644 --- a/test/e2e/opensearch/opensearch-simple-cluster/01-opensearch.yaml +++ b/test/e2e/opensearch/opensearch-simple-cluster/01-opensearch.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: OpenSearch + metadata: name: k8s-e2e-os-simple + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/opensearch/opensearch-simple-cluster/02-check.yaml b/test/e2e/opensearch/opensearch-simple-cluster/02-check.yaml index 7924659b..2e4cd39c 100644 --- a/test/e2e/opensearch/opensearch-simple-cluster/02-check.yaml +++ b/test/e2e/opensearch/opensearch-simple-cluster/02-check.yaml @@ -1,8 +1,10 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-os-simple --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: |- + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-os-simple --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/opensearch/opensearch-simple-cluster/03-delete.yaml b/test/e2e/opensearch/opensearch-simple-cluster/03-delete.yaml index 90dfd909..1ac2dda1 100644 --- a/test/e2e/opensearch/opensearch-simple-cluster/03-delete.yaml +++ b/test/e2e/opensearch/opensearch-simple-cluster/03-delete.yaml @@ -1,6 +1,8 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: OpenSearch - name: k8s-e2e-os-simple \ No newline at end of file + name: k8s-e2e-os-simple diff --git a/test/e2e/projectvpc/projectvpc-ref/00-secret.yaml b/test/e2e/projectvpc/projectvpc-ref/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/projectvpc/projectvpc-ref/00-secret.yaml +++ b/test/e2e/projectvpc/projectvpc-ref/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/projectvpc/projectvpc-ref/01-resources.yaml b/test/e2e/projectvpc/projectvpc-ref/01-resources.yaml index 1b5e7c73..174f3d6a 100644 --- a/test/e2e/projectvpc/projectvpc-ref/01-resources.yaml +++ b/test/e2e/projectvpc/projectvpc-ref/01-resources.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ProjectVPC + metadata: name: k8s-e2e-projectvpc-ref + spec: project: aiven-ci-kubernetes-operator cloudName: google-europe-west1 @@ -15,8 +18,10 @@ spec: apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: k8s-e2e-projectvpc-ref-kafka + spec: project: aiven-ci-kubernetes-operator cloudName: google-europe-west1 @@ -36,8 +41,10 @@ spec: apiVersion: aiven.io/v1alpha1 kind: OpenSearch + metadata: name: k8s-e2e-projectvpc-ref-os + spec: project: aiven-ci-kubernetes-operator cloudName: google-europe-west1 @@ -57,8 +64,10 @@ spec: apiVersion: aiven.io/v1alpha1 kind: Redis + metadata: name: k8s-e2e-projectvpc-ref-redis + spec: project: aiven-ci-kubernetes-operator cloudName: google-europe-west1 diff --git a/test/e2e/projectvpc/projectvpc-ref/02-check.yaml b/test/e2e/projectvpc/projectvpc-ref/02-check.yaml index eff6c6b8..db3423b2 100644 --- a/test/e2e/projectvpc/projectvpc-ref/02-check.yaml +++ b/test/e2e/projectvpc/projectvpc-ref/02-check.yaml @@ -1,33 +1,35 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-projectvpc-ref-kafka --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-projectvpc-ref-os --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-projectvpc-ref-redis --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - while ! avn service get k8s-e2e-projectvpc-ref-kafka --project aiven-ci-kubernetes-operator --json | grep -c -E '"project_vpc_id":\s*"[0-9a-z-]+"' - do - sleep 10 - done -- script: | - while ! avn service get k8s-e2e-projectvpc-ref-os --project aiven-ci-kubernetes-operator --json | grep -c -E '"project_vpc_id":\s*"[0-9a-z-]+"' - do - sleep 10 - done -- script: | - while ! avn service get k8s-e2e-projectvpc-ref-redis --project aiven-ci-kubernetes-operator --json | grep -c -E '"project_vpc_id":\s*"[0-9a-z-]+"' - do - sleep 10 - done + - script: | + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-projectvpc-ref-kafka --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: | + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-projectvpc-ref-os --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: | + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-e2e-projectvpc-ref-redis --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: | + while ! avn service get k8s-e2e-projectvpc-ref-kafka --project aiven-ci-kubernetes-operator --json | grep -c -E '"project_vpc_id":\s*"[0-9a-z-]+"' + do + sleep 10 + done + - script: | + while ! avn service get k8s-e2e-projectvpc-ref-os --project aiven-ci-kubernetes-operator --json | grep -c -E '"project_vpc_id":\s*"[0-9a-z-]+"' + do + sleep 10 + done + - script: |- + while ! avn service get k8s-e2e-projectvpc-ref-redis --project aiven-ci-kubernetes-operator --json | grep -c -E '"project_vpc_id":\s*"[0-9a-z-]+"' + do + sleep 10 + done diff --git a/test/e2e/projectvpc/projectvpc-ref/03-delete.yaml b/test/e2e/projectvpc/projectvpc-ref/03-delete.yaml index d9d7c99e..24f0dbbc 100644 --- a/test/e2e/projectvpc/projectvpc-ref/03-delete.yaml +++ b/test/e2e/projectvpc/projectvpc-ref/03-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Kafka diff --git a/test/e2e/redis/redis-simple-cluster/00-secret.yaml b/test/e2e/redis/redis-simple-cluster/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/redis/redis-simple-cluster/00-secret.yaml +++ b/test/e2e/redis/redis-simple-cluster/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/redis/redis-simple-cluster/01-redis.yaml b/test/e2e/redis/redis-simple-cluster/01-redis.yaml index b5d39a4e..7f11884e 100644 --- a/test/e2e/redis/redis-simple-cluster/01-redis.yaml +++ b/test/e2e/redis/redis-simple-cluster/01-redis.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Redis + metadata: name: k8s-redis-simple + spec: authSecretRef: name: aiven-token @@ -19,4 +22,4 @@ spec: maintenanceWindowTime: 23:00:00 userConfig: - redis_maxmemory_policy: "allkeys-random" + redis_maxmemory_policy: allkeys-random diff --git a/test/e2e/redis/redis-simple-cluster/02-check.yaml b/test/e2e/redis/redis-simple-cluster/02-check.yaml index e083b132..f4931c75 100644 --- a/test/e2e/redis/redis-simple-cluster/02-check.yaml +++ b/test/e2e/redis/redis-simple-cluster/02-check.yaml @@ -1,8 +1,10 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - while ! avn --auth-token $AIVEN_TOKEN service wait k8s-redis-simple --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: |- + while ! avn --auth-token $AIVEN_TOKEN service wait k8s-redis-simple --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/redis/redis-simple-cluster/03-delete.yaml b/test/e2e/redis/redis-simple-cluster/03-delete.yaml index 36b40b70..252932e0 100644 --- a/test/e2e/redis/redis-simple-cluster/03-delete.yaml +++ b/test/e2e/redis/redis-simple-cluster/03-delete.yaml @@ -1,6 +1,8 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Redis - name: k8s-redis-simple \ No newline at end of file + name: k8s-redis-simple diff --git a/test/e2e/service-integration/clickhouse-postgresql/00-secret.yaml b/test/e2e/service-integration/clickhouse-postgresql/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/service-integration/clickhouse-postgresql/00-secret.yaml +++ b/test/e2e/service-integration/clickhouse-postgresql/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/service-integration/clickhouse-postgresql/01-clickhouse.yaml b/test/e2e/service-integration/clickhouse-postgresql/01-clickhouse.yaml index 57eeb250..3dbe6aef 100644 --- a/test/e2e/service-integration/clickhouse-postgresql/01-clickhouse.yaml +++ b/test/e2e/service-integration/clickhouse-postgresql/01-clickhouse.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Clickhouse + metadata: name: k8s-e2e-test-ch-integration + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/service-integration/clickhouse-postgresql/01-postgresql.yaml b/test/e2e/service-integration/clickhouse-postgresql/01-postgresql.yaml index 8cd82e01..16790799 100644 --- a/test/e2e/service-integration/clickhouse-postgresql/01-postgresql.yaml +++ b/test/e2e/service-integration/clickhouse-postgresql/01-postgresql.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: PostgreSQL + metadata: name: k8s-e2e-test-pg-integration + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/service-integration/clickhouse-postgresql/02-check-services-running.yaml b/test/e2e/service-integration/clickhouse-postgresql/02-check-services-running.yaml index 9d9014a3..22e9a242 100644 --- a/test/e2e/service-integration/clickhouse-postgresql/02-check-services-running.yaml +++ b/test/e2e/service-integration/clickhouse-postgresql/02-check-services-running.yaml @@ -1,15 +1,17 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - SERVICE=k8s-e2e-test-ch-integration - while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - SERVICE=k8s-e2e-test-pg-integration - while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: | + SERVICE=k8s-e2e-test-ch-integration + while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: |- + SERVICE=k8s-e2e-test-pg-integration + while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/service-integration/clickhouse-postgresql/03-service-integration.yaml b/test/e2e/service-integration/clickhouse-postgresql/03-service-integration.yaml index 7cbb3330..c1208f48 100644 --- a/test/e2e/service-integration/clickhouse-postgresql/03-service-integration.yaml +++ b/test/e2e/service-integration/clickhouse-postgresql/03-service-integration.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ServiceIntegration + metadata: name: k8s-test-service-integration-clickhouse-postgresql + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/service-integration/clickhouse-postgresql/04-check-integration.yaml b/test/e2e/service-integration/clickhouse-postgresql/04-check-integration.yaml index a78d5d4e..59c7c3b6 100644 --- a/test/e2e/service-integration/clickhouse-postgresql/04-check-integration.yaml +++ b/test/e2e/service-integration/clickhouse-postgresql/04-check-integration.yaml @@ -1,9 +1,11 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - SERVICE=k8s-e2e-test-pg-integration - while ! avn service integration-list $SERVICE --json | jq '.[] | select(.integration_type == "clickhouse_postgresql" and .active == true)' - do - sleep 10 - done + - script: |- + SERVICE=k8s-e2e-test-pg-integration + while ! avn service integration-list $SERVICE --json | jq '.[] | select(.integration_type == "clickhouse_postgresql" and .active == true)' + do + sleep 10 + done diff --git a/test/e2e/service-integration/clickhouse-postgresql/05-delete.yaml b/test/e2e/service-integration/clickhouse-postgresql/05-delete.yaml index d891c041..881853f2 100644 --- a/test/e2e/service-integration/clickhouse-postgresql/05-delete.yaml +++ b/test/e2e/service-integration/clickhouse-postgresql/05-delete.yaml @@ -1,5 +1,7 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: ServiceIntegration diff --git a/test/e2e/service-integration/kafka-logs/00-secret.yaml b/test/e2e/service-integration/kafka-logs/00-secret.yaml index a87b3cdf..6bf18c4d 100644 --- a/test/e2e/service-integration/kafka-logs/00-secret.yaml +++ b/test/e2e/service-integration/kafka-logs/00-secret.yaml @@ -1,4 +1,6 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN + - script: kubectl --namespace $NAMESPACE create secret generic aiven-token --from-literal=token=$AIVEN_TOKEN diff --git a/test/e2e/service-integration/kafka-logs/01-kafka-topic.yaml b/test/e2e/service-integration/kafka-logs/01-kafka-topic.yaml index d4b70c3d..7a7f8fa4 100644 --- a/test/e2e/service-integration/kafka-logs/01-kafka-topic.yaml +++ b/test/e2e/service-integration/kafka-logs/01-kafka-topic.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: KafkaTopic + metadata: name: k8s-test-service-integration-kafka-logs-topic + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/service-integration/kafka-logs/01-kafka.yaml b/test/e2e/service-integration/kafka-logs/01-kafka.yaml index 7a3f955c..11a733e1 100644 --- a/test/e2e/service-integration/kafka-logs/01-kafka.yaml +++ b/test/e2e/service-integration/kafka-logs/01-kafka.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: Kafka + metadata: name: k8s-test-service-integration-kafka-logs-kafka + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/service-integration/kafka-logs/02-check-services-running.yaml b/test/e2e/service-integration/kafka-logs/02-check-services-running.yaml index 1e2d7105..24c96fe0 100644 --- a/test/e2e/service-integration/kafka-logs/02-check-services-running.yaml +++ b/test/e2e/service-integration/kafka-logs/02-check-services-running.yaml @@ -1,16 +1,18 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - SERVICE=k8s-test-service-integration-kafka-logs-kafka - while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; - do - sleep 10 - done -- script: | - SERVICE=k8s-test-service-integration-kafka-logs-kafka - TOPIC=k8s-test-service-integration-kafka-logs-topic - while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; - do - sleep 10 - done + - script: | + SERVICE=k8s-test-service-integration-kafka-logs-kafka + while ! avn --auth-token $AIVEN_TOKEN service wait $SERVICE --project aiven-ci-kubernetes-operator; + do + sleep 10 + done + - script: |- + SERVICE=k8s-test-service-integration-kafka-logs-kafka + TOPIC=k8s-test-service-integration-kafka-logs-topic + while ! avn --auth-token $AIVEN_TOKEN service topic-get $SERVICE $TOPIC --project aiven-ci-kubernetes-operator; + do + sleep 10 + done diff --git a/test/e2e/service-integration/kafka-logs/03-service-integration.yaml b/test/e2e/service-integration/kafka-logs/03-service-integration.yaml index 6854293c..e5f83af5 100644 --- a/test/e2e/service-integration/kafka-logs/03-service-integration.yaml +++ b/test/e2e/service-integration/kafka-logs/03-service-integration.yaml @@ -1,7 +1,10 @@ +--- apiVersion: aiven.io/v1alpha1 kind: ServiceIntegration + metadata: name: k8s-test-service-integration-kafka-logs-service-integration + spec: authSecretRef: name: aiven-token diff --git a/test/e2e/service-integration/kafka-logs/04-check-topic.yaml b/test/e2e/service-integration/kafka-logs/04-check-topic.yaml index 35beb1ea..ea7495b8 100644 --- a/test/e2e/service-integration/kafka-logs/04-check-topic.yaml +++ b/test/e2e/service-integration/kafka-logs/04-check-topic.yaml @@ -1,22 +1,24 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + commands: -- script: | - TMPDIR=$(mktemp -d) - trap "rm -rf $TMPDIR" EXIT + - script: |- + TMPDIR=$(mktemp -d) + trap "rm -rf $TMPDIR" EXIT + + kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.CA_CERT -r | base64 -w0 -d >> $TMPDIR/ca.crt + kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_CERT -r | base64 -w0 -d >> $TMPDIR/service.crt + kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_KEY -r | base64 -w0 -d >> $TMPDIR/service.key - kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.CA_CERT -r | base64 -w0 -d >> $TMPDIR/ca.crt - kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_CERT -r | base64 -w0 -d >> $TMPDIR/service.crt - kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.ACCESS_KEY -r | base64 -w0 -d >> $TMPDIR/service.key + HOST=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.HOST -r | base64 -d) + PORT=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.PORT -r | base64 -d) + TOPIC=k8s-test-service-integration-kafka-logs-topic - HOST=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.HOST -r | base64 -d) - PORT=$(kubectl --namespace $NAMESPACE get secret kafka-secret -ojson | jq .data.PORT -r | base64 -d) - TOPIC=k8s-test-service-integration-kafka-logs-topic - - kcat \ - -b $HOST:$PORT \ - -X security.protocol=SSL \ - -X ssl.ca.location=$TMPDIR/ca.crt \ - -X ssl.certificate.location=$TMPDIR/service.crt \ - -X ssl.key.location=$TMPDIR/service.key \ - -C -t $TOPIC -c 1 + kcat \ + -b $HOST:$PORT \ + -X security.protocol=SSL \ + -X ssl.ca.location=$TMPDIR/ca.crt \ + -X ssl.certificate.location=$TMPDIR/service.crt \ + -X ssl.key.location=$TMPDIR/service.key \ + -C -t $TOPIC -c 1 diff --git a/test/e2e/service-integration/kafka-logs/05-delete.yaml b/test/e2e/service-integration/kafka-logs/05-delete.yaml index f596dfde..34ba41ee 100644 --- a/test/e2e/service-integration/kafka-logs/05-delete.yaml +++ b/test/e2e/service-integration/kafka-logs/05-delete.yaml @@ -1,6 +1,8 @@ +--- apiVersion: kuttl.dev/v1beta1 kind: TestStep + delete: - apiVersion: aiven.io/v1alpha1 kind: Kafka - name: k8s-test-service-integration-kafka-logs-kafka \ No newline at end of file + name: k8s-test-service-integration-kafka-logs-kafka diff --git a/tests/kafkaconnect_test.go b/tests/kafkaconnect_test.go index 32978b36..fb9dd8fd 100644 --- a/tests/kafkaconnect_test.go +++ b/tests/kafkaconnect_test.go @@ -30,7 +30,7 @@ spec: project: %[1]s cloudName: %[3]s plan: business-4 - + userConfig: kafka_connect: consumer_isolation_level: read_committed diff --git a/tests/postgresql_test.go b/tests/postgresql_test.go index 408ad0db..9b12023d 100644 --- a/tests/postgresql_test.go +++ b/tests/postgresql_test.go @@ -171,7 +171,7 @@ spec: tags: env: prod instance: pg - + userConfig: pg_version: "14" `, project, pgName, cloudName) diff --git a/yamlfix.toml b/yamlfix.toml new file mode 100644 index 00000000..67e935e2 --- /dev/null +++ b/yamlfix.toml @@ -0,0 +1,2 @@ +whitelines = 1 +section_whitelines = 1