diff --git a/.github/workflows/build-openstack-operator.yaml b/.github/workflows/build-openstack-operator.yaml index c6fcf0f3c..4a3547af0 100644 --- a/.github/workflows/build-openstack-operator.yaml +++ b/.github/workflows/build-openstack-operator.yaml @@ -18,7 +18,6 @@ jobs: go_version: 1.21.x operator_sdk_version: 1.31.0 bundle_dockerfile: ./bundle.Dockerfile - catalog_extra_bundles_script: ./hack/pin-bundle-images.sh secrets: IMAGENAMESPACE: ${{ secrets.IMAGENAMESPACE }} QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} diff --git a/.gitignore b/.gitignore index 116da3b77..a70eb49df 100644 --- a/.gitignore +++ b/.gitignore @@ -5,7 +5,7 @@ *.dll *.so *.dylib -bin +bin/* testbin/* bundle/* diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 56ad6d089..e75528744 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -26,10 +26,17 @@ repos: args: ['operator-lint'] pass_filenames: false - id: make-crd-schema-check + require_serial: true name: make-crd-schema-check language: system entry: make args: ['crd-schema-check'] + - id: make-bindata + require_serial: true + name: make-bindata + language: system + entry: make + args: ['bindata'] pass_filenames: false - repo: https://github.com/pre-commit/pre-commit-hooks @@ -47,6 +54,7 @@ repos: - id: destroyed-symlinks - id: check-yaml args: [-m] + exclude: '^bindata/operator|^config/operator' - id: check-json - id: detect-private-key - id: end-of-file-fixer diff --git a/Dockerfile b/Dockerfile index 15f279e9b..368c1615e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,8 +26,10 @@ RUN if [ ! -f $CACHITO_ENV_FILE ]; then go mod download ; fi # Build manager RUN if [ -f $CACHITO_ENV_FILE ] ; then source $CACHITO_ENV_FILE ; fi ; env ${GO_BUILD_EXTRA_ENV_ARGS} go build ${GO_BUILD_EXTRA_ARGS} -a -o ${DEST_ROOT}/manager main.go +RUN if [ -f $CACHITO_ENV_FILE ] ; then source $CACHITO_ENV_FILE ; fi ; env ${GO_BUILD_EXTRA_ENV_ARGS} go build ${GO_BUILD_EXTRA_ARGS} -a -o ${DEST_ROOT}/operator cmd/operator/main.go RUN cp -r config/services ${DEST_ROOT}/services +RUN cp -r bindata ${DEST_ROOT}/bindata # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details @@ -65,9 +67,11 @@ WORKDIR / # Install operator binary to WORKDIR COPY --from=builder ${DEST_ROOT}/manager . +COPY --from=builder ${DEST_ROOT}/operator . # Install services COPY --from=builder ${DEST_ROOT}/services ${OPERATOR_SERVICES} +COPY --from=builder ${DEST_ROOT}/bindata /bindata USER $USER_ID diff --git a/Makefile b/Makefile index 654a67c87..b616d098c 100644 --- a/Makefile +++ b/Makefile @@ -131,15 +131,30 @@ help: ## Display this help. ##@ Development +# (dprince) FIXME: controller-gen crd didn't seem to like multiple paths so I didn't split it. So we can continue using kubebuilder +# I did split out the rbac for both binaries so we can use separate roles .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd$(CRDDESC_OVERRIDE) webhook paths="./..." output:crd:artifacts:config=config/crd/bases && \ + mkdir -p config/operator/rbac && \ + $(CONTROLLER_GEN) crd$(CRDDESC_OVERRIDE) output:crd:artifacts:config=config/crd/bases webhook paths="./..." && \ + $(CONTROLLER_GEN) rbac:roleName=manager-role paths="{./apis/client/...,./apis/core/...,./apis/dataplane/...,./controllers/client/...,./controllers/core/...,./controllers/dataplane/...,./pkg/...}" output:dir=config/rbac && \ + $(CONTROLLER_GEN) rbac:roleName=operator-role paths="./controllers/operator/..." paths="./apis/operator/..." output:dir=config/operator/rbac && \ rm -f apis/bases/* && cp -a config/crd/bases apis/ .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." +.PHONY: bindata +bindata: kustomize yq ## Build docker image with the manager. + mkdir -p bindata/crds bindata/rbac bindata/operator + $(KUSTOMIZE) build config/crd > bindata/crds/crds.yaml + $(KUSTOMIZE) build config/default > bindata/operator/operator.yaml + cp config/operator/managers.yaml bindata/operator/ + cp config/operator/rabbit.yaml bindata/operator/ + $(KUSTOMIZE) build config/rbac > bindata/rbac/rbac.yaml + /bin/bash hack/sync-bindata.sh + .PHONY: fmt fmt: ## Run go fmt against code. go fmt ./... @@ -196,6 +211,7 @@ cover: test ## Run tests and display functional test coverage .PHONY: build build: generate fmt vet ## Build manager binary. go build -o bin/manager main.go + go build -o bin/operator cmd/operator/main.go .PHONY: run run: export METRICS_PORT?=8080 @@ -206,8 +222,18 @@ run: manifests generate fmt vet ## Run a controller from your host. source hack/export_related_images.sh && \ go run ./main.go -metrics-bind-address ":$(METRICS_PORT)" -health-probe-bind-address ":$(HEALTH_PORT)" +.PHONY: run-operator +run-operator: export METRICS_PORT?=8080 +run-operator: export HEALTH_PORT?=8081 +run-operator: export ENABLE_WEBHOOKS?=false +run-operator: export BASE_BINDATA?=bindata +run-operator: export OPERATOR_IMAGE_URL=${IMG} +run-operator: manifests generate fmt vet ## Run a controller from your host. + source hack/export_operator_related_images.sh && \ + go run ./cmd/operator/main.go -metrics-bind-address ":$(METRICS_PORT)" -health-probe-bind-address ":$(HEALTH_PORT)" + .PHONY: docker-build -docker-build: ## Build docker image with the manager. +docker-build: ## Build docker image with the manager. podman build -t ${IMG} . ${DOCKER_BUILD_ARGS} .PHONY: docker-push @@ -272,7 +298,7 @@ GINKGO_TESTS ?= ./tests/... ./apis/client/... ./apis/core/... ./apis/dataplane/. KUTTL ?= $(LOCALBIN)/kubectl-kuttl ## Tool Versions -KUSTOMIZE_VERSION ?= v3.8.7 +KUSTOMIZE_VERSION ?= v5.5.0 #(dprince: bumped to aquire new features like --load-restrictor) CONTROLLER_TOOLS_VERSION ?= v0.14.0 CRD_MARKDOWN_VERSION ?= v0.0.3 KUTTL_VERSION ?= 0.17.0 @@ -340,11 +366,10 @@ endif .PHONY: bundle bundle: build manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. $(OPERATOR_SDK) generate kustomize manifests -q - cd config/manager && \ - $(KUSTOMIZE) edit set image controller=$(IMG) && \ - $(KUSTOMIZE) edit add patch --kind Deployment --name controller-manager --namespace system --patch "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/env/0\", \"value\": {\"name\": \"OPENSTACK_RELEASE_VERSION\", \"value\": \"$(OPENSTACK_RELEASE_VERSION)\"}}]" - $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) - cp dependencies.yaml ./bundle/metadata + cd config/operator/deployment/ && $(KUSTOMIZE) edit set image controller=$(IMG) && \ + $(KUSTOMIZE) edit add patch --kind Deployment --name controller-operator --namespace system --patch "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/env/0\", \"value\": {\"name\": \"OPENSTACK_RELEASE_VERSION\", \"value\": \"$(OPENSTACK_RELEASE_VERSION)\"}}]" + sed -i -e 's|operator:image|$(IMG)|' config/operator/deployment/deployment.yaml + $(KUSTOMIZE) build config/operator --load-restrictor='LoadRestrictionsNone' | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) $(OPERATOR_SDK) bundle validate ./bundle .PHONY: bundle-build diff --git a/PROJECT b/PROJECT index 6112f528e..3a611a529 100644 --- a/PROJECT +++ b/PROJECT @@ -77,4 +77,13 @@ resources: kind: OpenStackDataPlaneDeployment path: github.com/openstack-k8s-operators/openstack-operator/apis/dataplane/v1beta1 version: v1beta1 +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: openstack.org + group: operator + kind: OpenStack + path: github.com/openstack-k8s-operators/openstack-operator/apis/operator/v1beta1 + version: v1beta1 version: "3" diff --git a/apis/bases/operator.openstack.org_openstacks.yaml b/apis/bases/operator.openstack.org_openstacks.yaml new file mode 100644 index 000000000..ca4161ede --- /dev/null +++ b/apis/bases/operator.openstack.org_openstacks.yaml @@ -0,0 +1,71 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstacks.operator.openstack.org +spec: + group: operator.openstack.org + names: + kind: OpenStack + listKind: OpenStackList + plural: openstacks + singular: openstack + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.deployedOperatorCount + name: Deployed Operator Count + type: integer + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + deployedOperatorCount: + type: integer + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apis/operator/v1beta1/conditions.go b/apis/operator/v1beta1/conditions.go new file mode 100644 index 000000000..0019582da --- /dev/null +++ b/apis/operator/v1beta1/conditions.go @@ -0,0 +1,46 @@ +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" +) + +// OpenStack Condition Types used by API objects. +const ( + // OpenStackOperatorReadyCondition Status=True condition which indicates if operators have been deployed + OpenStackOperatorReadyCondition condition.Type = "OpenStackOperatorReadyCondition" +) + +// Common Messages used by Openstack operator +const ( + // + // OpenStackOperator condition messages + // + + // OpenStackOperatorErrorMessage + OpenStackOperatorErrorMessage = "OpenStackOperator error occured %s" + + // OpenStackOperatorReadyInitMessage + OpenStackOperatorReadyInitMessage = "OpenStackOperator not started" + + // OpenStackOperatorReadyRunningMessage + OpenStackOperatorReadyRunningMessage = "OpenStackOperator in progress" + + // OpenStackOperatorReadyMessage + OpenStackOperatorReadyMessage = "OpenStackOperator completed" + +) diff --git a/apis/operator/v1beta1/groupversion_info.go b/apis/operator/v1beta1/groupversion_info.go new file mode 100644 index 000000000..bb209aea5 --- /dev/null +++ b/apis/operator/v1beta1/groupversion_info.go @@ -0,0 +1,36 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1beta1 contains API Schema definitions for the operator v1beta1 API group +// +kubebuilder:object:generate=true +// +groupName=operator.openstack.org +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "operator.openstack.org", Version: "v1beta1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/operator/v1beta1/openstack_types.go b/apis/operator/v1beta1/openstack_types.go new file mode 100644 index 000000000..9d9a0860a --- /dev/null +++ b/apis/operator/v1beta1/openstack_types.go @@ -0,0 +1,66 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// OpenStackSpec defines the desired state of OpenStack +type OpenStackSpec struct { +} + +// OpenStackStatus defines the observed state of OpenStack +type OpenStackStatus struct { + + // +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors={"urn:alm:descriptor:io.kubernetes.conditions"} + // Conditions + Conditions condition.Conditions `json:"conditions,omitempty" optional:"true"` + + // DeployedOperatorCount - the number of operators deployed + DeployedOperatorCount *int `json:"deployedOperatorCount,omitempty"` + + // ObservedGeneration - the most recent generation observed for this object. + ObservedGeneration int64 `json:"observedGeneration,omitempty"` // no spec yet so maybe we don't need this +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Deployed Operator Count",type=integer,JSONPath=`.status.deployedOperatorCount` +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[0].status",description="Status" +// OpenStack is the Schema for the openstacks API +type OpenStack struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec OpenStackSpec `json:"spec,omitempty"` + Status OpenStackStatus `json:"status,omitempty"` +} + +//+kubebuilder:object:root=true + +// OpenStackList contains a list of OpenStack +type OpenStackList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []OpenStack `json:"items"` +} + +func init() { + SchemeBuilder.Register(&OpenStack{}, &OpenStackList{}) +} diff --git a/apis/operator/v1beta1/zz_generated.deepcopy.go b/apis/operator/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 000000000..4c181de9a --- /dev/null +++ b/apis/operator/v1beta1/zz_generated.deepcopy.go @@ -0,0 +1,127 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStack) DeepCopyInto(out *OpenStack) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStack. +func (in *OpenStack) DeepCopy() *OpenStack { + if in == nil { + return nil + } + out := new(OpenStack) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OpenStack) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackList) DeepCopyInto(out *OpenStackList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OpenStack, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackList. +func (in *OpenStackList) DeepCopy() *OpenStackList { + if in == nil { + return nil + } + out := new(OpenStackList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OpenStackList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackSpec) DeepCopyInto(out *OpenStackSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackSpec. +func (in *OpenStackSpec) DeepCopy() *OpenStackSpec { + if in == nil { + return nil + } + out := new(OpenStackSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackStatus) DeepCopyInto(out *OpenStackStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make(condition.Conditions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DeployedOperatorCount != nil { + in, out := &in.DeployedOperatorCount, &out.DeployedOperatorCount + *out = new(int) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackStatus. +func (in *OpenStackStatus) DeepCopy() *OpenStackStatus { + if in == nil { + return nil + } + out := new(OpenStackStatus) + in.DeepCopyInto(out) + return out +} diff --git a/bindata/crds/barbican.openstack.org_barbicanapis.yaml b/bindata/crds/barbican.openstack.org_barbicanapis.yaml new file mode 100644 index 000000000..4c6f10ac4 --- /dev/null +++ b/bindata/crds/barbican.openstack.org_barbicanapis.yaml @@ -0,0 +1,622 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: barbicanapis.barbican.openstack.org +spec: + group: barbican.openstack.org + names: + kind: BarbicanAPI + listKind: BarbicanAPIList + plural: barbicanapis + singular: barbicanapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BarbicanAPI is the Schema for the barbicanapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarbicanAPISpec defines the desired state of BarbicanAPI + properties: + containerImage: + description: ContainerImage - Barbican Container Image URL (will be + set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string + databaseHostname: + description: DatabaseHostname - Barbican Database Hostname + type: string + databaseInstance: + description: |- + MariaDB instance name + TODO(dmendiza): Is this comment right? + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + enableSecureRBAC: + default: true + description: EnableSecureRBAC - Enable Consistent and Secure RBAC + policies + type: boolean + enabledSecretStores: + items: + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-type: set + globalDefaultSecretStore: + default: simple_crypto + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this component. Setting here overrides + any global NodeSelector settings within the Barbican CR. + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: BarbicanPassword + simplecryptokek: BarbicanSimpleCryptoKEK + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: BarbicanPassword + description: Service - Selector to get the barbican service user + password from the Secret + type: string + simplecryptokek: + default: SimpleCryptoKEK + type: string + type: object + pkcs11: + description: BarbicanPKCS11Template - Includes all common HSM properties + properties: + AESGCMGenerateIV: + default: true + description: Generate IVs for CKM_AES_GCM mechanism + type: boolean + HMACKeyType: + default: CKK_GENERIC_SECRET + description: HMAC Key Type + type: string + HMACKeygenMechanism: + default: CKM_GENERIC_SECRET_KEY_GEN + description: HMAC Keygen Mechanism + type: string + HMACLabel: + description: Label to identify HMAC key in the HSM (must not be + the same as MKEK label) + type: string + HMACMechanism: + default: CKM_SHA256_HMAC + description: HMAC Mechanism. This replaces hsm_keywrap_mechanism + type: string + MKEKLabel: + description: Label to identify master KEK in the HSM (must not + be the same as HMAC label) + type: string + MKEKLength: + default: 32 + description: Length in bytes of master KEK + type: integer + OSLockingOK: + default: false + description: Set os_locking_ok + type: boolean + alwaysSetCKASensitive: + default: true + description: Always set cka_sensitive + type: boolean + certificatesMountPoint: + description: The mounting point where the certificates will be + copied to (e.g., /usr/local/luna/config/certs). + type: string + certificatesSecret: + description: The OpenShift secret that stores the HSM certificates. + type: string + clientAddress: + description: The IP address of the client connecting to the HSM + (X.Y.Z.K) + type: string + encryptionMechanism: + default: CKM_AES_GCM + description: Secret encryption mechanism + type: string + keyWrapGenerateIV: + default: true + description: Generate IVs for the key wrap mechanism + type: boolean + keyWrapMechanism: + default: CKM_AES_KEY_WRAP_KWP + description: Key wrap mechanism + type: string + libraryPath: + description: Path to vendor's PKCS11 library + type: string + loggingLevel: + default: 4 + description: Level of logging, where 0 means "no logging" and + 7 means "debug". + maximum: 7 + minimum: 0 + type: integer + loginSecret: + description: OpenShift secret that stores the password to login + to the PKCS11 session + type: string + serverAddress: + description: The HSM's IPv4 address (X.Y.Z.K) + type: string + slotId: + description: |- + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. SlotId is used if none of the others is defined + type: string + tokenLabels: + description: |- + Token labels used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be specified. TokenLabels takes priority over SlotId. + This can be a comma separated string of labels + type: string + tokenSerialNumber: + description: |- + Token serial number used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. TokenSerialNumber takes priority over + TokenLabels and SlotId + type: string + type: + description: 'A string containing the HSM type (currently supported: + "luna").' + type: string + required: + - HMACLabel + - MKEKLabel + - libraryPath + - loginSecret + - serverAddress + - type + type: object + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Barbican + type: string + replicas: + default: 1 + description: Replicas of Barbican API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + default: osp-secret + description: Secret containing all passwords / keys needed + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Barbican services the default SA name + type: string + serviceUser: + default: barbican + description: ServiceUser - optional username used for this service + to register in keystone + type: string + simpleCryptoBackendSecret: + default: osp-secret + description: Secret containing the Key Encryption Key (KEK) used for + the Simple Crypto backend + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - containerImage + - databaseHostname + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + status: + description: BarbicanAPIStatus defines the observed state of BarbicanAPI + properties: + apiEndpoint: + additionalProperties: + type: string + description: API endpoint + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Barbican Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + readyCount: + description: ReadyCount of barbican API instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/barbican.openstack.org_barbicankeystonelisteners.yaml b/bindata/crds/barbican.openstack.org_barbicankeystonelisteners.yaml new file mode 100644 index 000000000..05a10cddd --- /dev/null +++ b/bindata/crds/barbican.openstack.org_barbicankeystonelisteners.yaml @@ -0,0 +1,436 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: barbicankeystonelisteners.barbican.openstack.org +spec: + group: barbican.openstack.org + names: + kind: BarbicanKeystoneListener + listKind: BarbicanKeystoneListenerList + plural: barbicankeystonelisteners + singular: barbicankeystonelistener + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BarbicanKeystoneListener is the Schema for the barbicankeystonelistener + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarbicanKeystoneListenerSpec defines the desired state of + BarbicanKeystoneListener + properties: + containerImage: + description: ContainerImage - Barbican Container Image URL (will be + set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string + databaseHostname: + type: string + databaseInstance: + description: |- + MariaDB instance name + TODO(dmendiza): Is this comment right? + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + enabledSecretStores: + items: + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-type: set + globalDefaultSecretStore: + default: simple_crypto + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this component. Setting here overrides + any global NodeSelector settings within the Barbican CR. + type: object + passwordSelectors: + default: + service: BarbicanPassword + simplecryptokek: BarbicanSimpleCryptoKEK + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: BarbicanPassword + description: Service - Selector to get the barbican service user + password from the Secret + type: string + simplecryptokek: + default: SimpleCryptoKEK + type: string + type: object + pkcs11: + description: BarbicanPKCS11Template - Includes all common HSM properties + properties: + AESGCMGenerateIV: + default: true + description: Generate IVs for CKM_AES_GCM mechanism + type: boolean + HMACKeyType: + default: CKK_GENERIC_SECRET + description: HMAC Key Type + type: string + HMACKeygenMechanism: + default: CKM_GENERIC_SECRET_KEY_GEN + description: HMAC Keygen Mechanism + type: string + HMACLabel: + description: Label to identify HMAC key in the HSM (must not be + the same as MKEK label) + type: string + HMACMechanism: + default: CKM_SHA256_HMAC + description: HMAC Mechanism. This replaces hsm_keywrap_mechanism + type: string + MKEKLabel: + description: Label to identify master KEK in the HSM (must not + be the same as HMAC label) + type: string + MKEKLength: + default: 32 + description: Length in bytes of master KEK + type: integer + OSLockingOK: + default: false + description: Set os_locking_ok + type: boolean + alwaysSetCKASensitive: + default: true + description: Always set cka_sensitive + type: boolean + certificatesMountPoint: + description: The mounting point where the certificates will be + copied to (e.g., /usr/local/luna/config/certs). + type: string + certificatesSecret: + description: The OpenShift secret that stores the HSM certificates. + type: string + clientAddress: + description: The IP address of the client connecting to the HSM + (X.Y.Z.K) + type: string + encryptionMechanism: + default: CKM_AES_GCM + description: Secret encryption mechanism + type: string + keyWrapGenerateIV: + default: true + description: Generate IVs for the key wrap mechanism + type: boolean + keyWrapMechanism: + default: CKM_AES_KEY_WRAP_KWP + description: Key wrap mechanism + type: string + libraryPath: + description: Path to vendor's PKCS11 library + type: string + loggingLevel: + default: 4 + description: Level of logging, where 0 means "no logging" and + 7 means "debug". + maximum: 7 + minimum: 0 + type: integer + loginSecret: + description: OpenShift secret that stores the password to login + to the PKCS11 session + type: string + serverAddress: + description: The HSM's IPv4 address (X.Y.Z.K) + type: string + slotId: + description: |- + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. SlotId is used if none of the others is defined + type: string + tokenLabels: + description: |- + Token labels used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be specified. TokenLabels takes priority over SlotId. + This can be a comma separated string of labels + type: string + tokenSerialNumber: + description: |- + Token serial number used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. TokenSerialNumber takes priority over + TokenLabels and SlotId + type: string + type: + description: 'A string containing the HSM type (currently supported: + "luna").' + type: string + required: + - HMACLabel + - MKEKLabel + - libraryPath + - loginSecret + - serverAddress + - type + type: object + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Barbican + type: string + replicas: + default: 1 + description: Replicas of Barbican API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + default: osp-secret + description: Secret containing all passwords / keys needed + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Barbican services the default SA name + type: string + serviceUser: + default: barbican + description: ServiceUser - optional username used for this service + to register in keystone + type: string + simpleCryptoBackendSecret: + default: osp-secret + description: Secret containing the Key Encryption Key (KEK) used for + the Simple Crypto backend + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - databaseHostname + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + status: + description: BarbicanKeystoneListenerStatus defines the observed state + of BarbicanKeystoneListener + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Barbican Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + readyCount: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + ReadyCount of barbican API instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/barbican.openstack.org_barbicans.yaml b/bindata/crds/barbican.openstack.org_barbicans.yaml new file mode 100644 index 000000000..0e59343a5 --- /dev/null +++ b/bindata/crds/barbican.openstack.org_barbicans.yaml @@ -0,0 +1,880 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: barbicans.barbican.openstack.org +spec: + group: barbican.openstack.org + names: + kind: Barbican + listKind: BarbicanList + plural: barbicans + singular: barbican + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Barbican is the Schema for the barbicans API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarbicanSpec defines the desired state of Barbican + properties: + barbicanAPI: + description: BarbicanAPI - Spec definition for the API services of + this Barbican deployment + properties: + containerImage: + description: ContainerImage - Barbican Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + enableSecureRBAC: + default: true + description: EnableSecureRBAC - Enable Consistent and Secure RBAC + policies + type: boolean + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this component. Setting here overrides + any global NodeSelector settings within the Barbican CR. + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + replicas: + default: 1 + description: Replicas of Barbican API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + required: + - containerImage + type: object + barbicanKeystoneListener: + description: BarbicanKeystoneListener - Spec definition for the KeystoneListener + service of this Barbican deployment + properties: + containerImage: + description: ContainerImage - Barbican Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this component. Setting here overrides + any global NodeSelector settings within the Barbican CR. + type: object + replicas: + default: 1 + description: Replicas of Barbican API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - containerImage + type: object + barbicanWorker: + description: BarbicanWorker - Spec definition for the Worker service + of this Barbican deployment + properties: + containerImage: + description: ContainerImage - Barbican Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this component. Setting here overrides + any global NodeSelector settings within the Barbican CR. + type: object + replicas: + default: 1 + description: Replicas of Barbican API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - containerImage + type: object + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string + databaseInstance: + description: |- + MariaDB instance name + TODO(dmendiza): Is this comment right? + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO(dmendiza): -> implement + type: object + enabledSecretStores: + items: + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-type: set + globalDefaultSecretStore: + default: simple_crypto + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this component. Setting here overrides + any global NodeSelector settings within the Barbican CR. + type: object + passwordSelectors: + default: + service: BarbicanPassword + simplecryptokek: BarbicanSimpleCryptoKEK + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: BarbicanPassword + description: Service - Selector to get the barbican service user + password from the Secret + type: string + simplecryptokek: + default: SimpleCryptoKEK + type: string + type: object + pkcs11: + description: BarbicanPKCS11Template - Includes all common HSM properties + properties: + AESGCMGenerateIV: + default: true + description: Generate IVs for CKM_AES_GCM mechanism + type: boolean + HMACKeyType: + default: CKK_GENERIC_SECRET + description: HMAC Key Type + type: string + HMACKeygenMechanism: + default: CKM_GENERIC_SECRET_KEY_GEN + description: HMAC Keygen Mechanism + type: string + HMACLabel: + description: Label to identify HMAC key in the HSM (must not be + the same as MKEK label) + type: string + HMACMechanism: + default: CKM_SHA256_HMAC + description: HMAC Mechanism. This replaces hsm_keywrap_mechanism + type: string + MKEKLabel: + description: Label to identify master KEK in the HSM (must not + be the same as HMAC label) + type: string + MKEKLength: + default: 32 + description: Length in bytes of master KEK + type: integer + OSLockingOK: + default: false + description: Set os_locking_ok + type: boolean + alwaysSetCKASensitive: + default: true + description: Always set cka_sensitive + type: boolean + certificatesMountPoint: + description: The mounting point where the certificates will be + copied to (e.g., /usr/local/luna/config/certs). + type: string + certificatesSecret: + description: The OpenShift secret that stores the HSM certificates. + type: string + clientAddress: + description: The IP address of the client connecting to the HSM + (X.Y.Z.K) + type: string + encryptionMechanism: + default: CKM_AES_GCM + description: Secret encryption mechanism + type: string + keyWrapGenerateIV: + default: true + description: Generate IVs for the key wrap mechanism + type: boolean + keyWrapMechanism: + default: CKM_AES_KEY_WRAP_KWP + description: Key wrap mechanism + type: string + libraryPath: + description: Path to vendor's PKCS11 library + type: string + loggingLevel: + default: 4 + description: Level of logging, where 0 means "no logging" and + 7 means "debug". + maximum: 7 + minimum: 0 + type: integer + loginSecret: + description: OpenShift secret that stores the password to login + to the PKCS11 session + type: string + serverAddress: + description: The HSM's IPv4 address (X.Y.Z.K) + type: string + slotId: + description: |- + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. SlotId is used if none of the others is defined + type: string + tokenLabels: + description: |- + Token labels used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be specified. TokenLabels takes priority over SlotId. + This can be a comma separated string of labels + type: string + tokenSerialNumber: + description: |- + Token serial number used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. TokenSerialNumber takes priority over + TokenLabels and SlotId + type: string + type: + description: 'A string containing the HSM type (currently supported: + "luna").' + type: string + required: + - HMACLabel + - MKEKLabel + - libraryPath + - loginSecret + - serverAddress + - type + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Barbican + type: string + secret: + default: osp-secret + description: Secret containing all passwords / keys needed + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Barbican services the default SA name + type: string + serviceUser: + default: barbican + description: ServiceUser - optional username used for this service + to register in keystone + type: string + simpleCryptoBackendSecret: + default: osp-secret + description: Secret containing the Key Encryption Key (KEK) used for + the Simple Crypto backend + type: string + required: + - barbicanAPI + - barbicanKeystoneListener + - barbicanWorker + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + status: + description: BarbicanStatus defines the observed state of Barbican + properties: + barbicanAPIReadyCount: + description: ReadyCount of Barbican API instances + format: int32 + type: integer + barbicanKeystoneListenerReadyCount: + description: ReadyCount of Barbican KeystoneListener instances + format: int32 + type: integer + barbicanWorkerReadyCount: + description: ReadyCount of Barbican Worker instances + format: int32 + type: integer + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Barbican Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + serviceID: + description: ServiceID + type: string + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/barbican.openstack.org_barbicanworkers.yaml b/bindata/crds/barbican.openstack.org_barbicanworkers.yaml new file mode 100644 index 000000000..fd04997f5 --- /dev/null +++ b/bindata/crds/barbican.openstack.org_barbicanworkers.yaml @@ -0,0 +1,433 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: barbicanworkers.barbican.openstack.org +spec: + group: barbican.openstack.org + names: + kind: BarbicanWorker + listKind: BarbicanWorkerList + plural: barbicanworkers + singular: barbicanworker + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BarbicanWorker is the Schema for the barbicanworkers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BarbicanWorkerSpec defines the desired state of BarbicanWorker + properties: + containerImage: + description: ContainerImage - Barbican Container Image URL (will be + set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: barbican + description: DatabaseAccount - optional MariaDBAccount CR name used + for barbican DB, defaults to barbican + type: string + databaseHostname: + type: string + databaseInstance: + description: |- + MariaDB instance name + TODO(dmendiza): Is this comment right? + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + enabledSecretStores: + items: + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-type: set + globalDefaultSecretStore: + default: simple_crypto + description: This SecretStore type is used by the EnabledSecretStores + variable inside the specification. + enum: + - simple_crypto + - pkcs11 + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this component. Setting here overrides + any global NodeSelector settings within the Barbican CR. + type: object + passwordSelectors: + default: + service: BarbicanPassword + simplecryptokek: BarbicanSimpleCryptoKEK + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: BarbicanPassword + description: Service - Selector to get the barbican service user + password from the Secret + type: string + simplecryptokek: + default: SimpleCryptoKEK + type: string + type: object + pkcs11: + description: BarbicanPKCS11Template - Includes all common HSM properties + properties: + AESGCMGenerateIV: + default: true + description: Generate IVs for CKM_AES_GCM mechanism + type: boolean + HMACKeyType: + default: CKK_GENERIC_SECRET + description: HMAC Key Type + type: string + HMACKeygenMechanism: + default: CKM_GENERIC_SECRET_KEY_GEN + description: HMAC Keygen Mechanism + type: string + HMACLabel: + description: Label to identify HMAC key in the HSM (must not be + the same as MKEK label) + type: string + HMACMechanism: + default: CKM_SHA256_HMAC + description: HMAC Mechanism. This replaces hsm_keywrap_mechanism + type: string + MKEKLabel: + description: Label to identify master KEK in the HSM (must not + be the same as HMAC label) + type: string + MKEKLength: + default: 32 + description: Length in bytes of master KEK + type: integer + OSLockingOK: + default: false + description: Set os_locking_ok + type: boolean + alwaysSetCKASensitive: + default: true + description: Always set cka_sensitive + type: boolean + certificatesMountPoint: + description: The mounting point where the certificates will be + copied to (e.g., /usr/local/luna/config/certs). + type: string + certificatesSecret: + description: The OpenShift secret that stores the HSM certificates. + type: string + clientAddress: + description: The IP address of the client connecting to the HSM + (X.Y.Z.K) + type: string + encryptionMechanism: + default: CKM_AES_GCM + description: Secret encryption mechanism + type: string + keyWrapGenerateIV: + default: true + description: Generate IVs for the key wrap mechanism + type: boolean + keyWrapMechanism: + default: CKM_AES_KEY_WRAP_KWP + description: Key wrap mechanism + type: string + libraryPath: + description: Path to vendor's PKCS11 library + type: string + loggingLevel: + default: 4 + description: Level of logging, where 0 means "no logging" and + 7 means "debug". + maximum: 7 + minimum: 0 + type: integer + loginSecret: + description: OpenShift secret that stores the password to login + to the PKCS11 session + type: string + serverAddress: + description: The HSM's IPv4 address (X.Y.Z.K) + type: string + slotId: + description: |- + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. SlotId is used if none of the others is defined + type: string + tokenLabels: + description: |- + Token labels used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be specified. TokenLabels takes priority over SlotId. + This can be a comma separated string of labels + type: string + tokenSerialNumber: + description: |- + Token serial number used to identify the token to be used. + One of TokenSerialNumber, TokenLabels or SlotId must + be defined. TokenSerialNumber takes priority over + TokenLabels and SlotId + type: string + type: + description: 'A string containing the HSM type (currently supported: + "luna").' + type: string + required: + - HMACLabel + - MKEKLabel + - libraryPath + - loginSecret + - serverAddress + - type + type: object + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Barbican + type: string + replicas: + default: 1 + description: Replicas of Barbican API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + default: osp-secret + description: Secret containing all passwords / keys needed + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Barbican services the default SA name + type: string + serviceUser: + default: barbican + description: ServiceUser - optional username used for this service + to register in keystone + type: string + simpleCryptoBackendSecret: + default: osp-secret + description: Secret containing the Key Encryption Key (KEK) used for + the Simple Crypto backend + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - databaseHostname + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + status: + description: BarbicanWorkerStatus defines the observed state of BarbicanWorker + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Barbican Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + readyCount: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + ReadyCount of barbican API instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/baremetal.openstack.org_openstackbaremetalsets.yaml b/bindata/crds/baremetal.openstack.org_openstackbaremetalsets.yaml new file mode 100644 index 000000000..9e47919fc --- /dev/null +++ b/bindata/crds/baremetal.openstack.org_openstackbaremetalsets.yaml @@ -0,0 +1,402 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: openstackbaremetalsets.baremetal.openstack.org +spec: + group: baremetal.openstack.org + names: + kind: OpenStackBaremetalSet + listKind: OpenStackBaremetalSetList + plural: openstackbaremetalsets + shortNames: + - osbmset + - osbmsets + - osbms + singular: openstackbaremetalset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OpenStackBaremetalSet is the Schema for the openstackbaremetalsets + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OpenStackBaremetalSetSpec defines the desired state of OpenStackBaremetalSet + properties: + agentImageUrl: + description: AgentImageURL - Container image URL for the sidecar container + that discovers provisioning network IPs + type: string + apacheImageUrl: + description: ApacheImageURL - Container image URL for the main container + that serves the downloaded OS qcow2 image (osImage) + type: string + automatedCleaningMode: + default: metadata + description: |- + When set to disabled, automated cleaning will be avoided + during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + baremetalHosts: + additionalProperties: + description: InstanceSpec Instance specific attributes + properties: + bmhLabelSelector: + additionalProperties: + type: string + description: BmhLabelSelector allows for the selection of a + particular BaremetalHost based on arbitrary labels + type: object + ctlPlaneIP: + description: CtlPlaneIP - Control Plane IP in CIDR notation + type: string + networkData: + description: NetworkData - Host Network Data + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which the + secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: UserData - Host User Data + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which the + secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + type: object + description: BaremetalHosts - Map of hostname to Instance Spec for + all nodes to provision + type: object + bmhLabelSelector: + additionalProperties: + type: string + description: BmhLabelSelector allows for a sub-selection of BaremetalHosts + based on arbitrary labels + type: object + bmhNamespace: + default: openshift-machine-api + description: 'BmhNamespace Namespace to look for BaremetalHosts(default: + openshift-machine-api)' + type: string + bootstrapDns: + description: |- + BootstrapDNS - initial DNS nameserver values to set on the BaremetalHosts when they are provisioned. + Note that subsequent deployment will overwrite these values + items: + type: string + type: array + cloudUserName: + default: cloud-admin + description: CloudUser to be configured for remote access + type: string + ctlplaneGateway: + description: 'CtlplaneGateway - IP of gateway for ctrlplane network + (TODO: acquire this is another manner?)' + type: string + ctlplaneInterface: + description: CtlplaneInterface - Interface on the provisioned nodes + to use for ctlplane network + type: string + ctlplaneNetmask: + default: 255.255.255.0 + description: 'CtlplaneNetmask - Netmask to use for ctlplane network + (TODO: acquire this is another manner?)' + type: string + deploymentSSHSecret: + description: DeploymentSSHSecret - Name of secret holding the cloud-admin + ssh keys + type: string + dnsSearchDomains: + description: |- + DNSSearchDomains - initial DNS nameserver values to set on the BaremetalHosts when they are provisioned. + Note that subsequent deployment will overwrite these values + items: + type: string + type: array + domainName: + description: 'DomainName is the domain name that will be set on the + underlying Metal3 BaremetalHosts (TODO: acquire this is another + manner?)' + type: string + hardwareReqs: + description: Hardware requests for sub-selection of BaremetalHosts + with certain hardware specs + properties: + cpuReqs: + description: CPUReqs defines specific CPU hardware requests + properties: + arch: + description: |- + Arch is a scalar (string) because it wouldn't make sense to give it an "exact-match" option + Can be either "x86_64" or "ppc64le" if included + enum: + - x86_64 + - ppc64le + type: string + countReq: + description: CPUCountReq defines a specific hardware request + for CPU core count + properties: + count: + minimum: 1 + type: integer + exactMatch: + description: If ExactMatch == false, actual count > Count + will match + type: boolean + type: object + mhzReq: + description: CPUMhzReq defines a specific hardware request + for CPU clock speed + properties: + exactMatch: + description: If ExactMatch == false, actual mhz > Mhz + will match + type: boolean + mhz: + minimum: 1 + type: integer + type: object + type: object + diskReqs: + description: DiskReqs defines specific disk hardware requests + properties: + gbReq: + description: DiskGbReq defines a specific hardware request + for disk size + properties: + exactMatch: + description: If ExactMatch == false, actual GB > Gb will + match + type: boolean + gb: + minimum: 1 + type: integer + type: object + ssdReq: + description: SSD is scalar (bool) because it wouldn't make + sense to give it an "exact-match" option + properties: + exactMatch: + description: |- + We only actually care about SSD flag if it is true or ExactMatch is set to true. + This second flag is necessary as SSD's bool zero-value (false) is indistinguishable + from it being explicitly set to false + type: boolean + ssd: + type: boolean + type: object + type: object + memReqs: + description: MemReqs defines specific memory hardware requests + properties: + gbReq: + description: MemGbReq defines a specific hardware request + for memory size + properties: + exactMatch: + description: If ExactMatch == false, actual GB > Gb will + match + type: boolean + gb: + minimum: 1 + type: integer + type: object + type: object + type: object + osContainerImageUrl: + description: OSContainerImageURL - Container image URL for init with + the OS qcow2 image (osImage) + type: string + osImage: + description: OSImage - OS qcow2 image Name + type: string + passwordSecret: + description: |- + PasswordSecret the name of the secret used to optionally set the root pwd by adding + NodeRootPassword: + to the secret data + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + provisionServerName: + description: ProvisionServerName - Optional. Existing OpenStackProvisionServer + to use, else one would be created. + type: string + provisionServerNodeSelector: + additionalProperties: + type: string + description: ProvisonServerNodeSelector to target subset of worker + nodes running provision server + type: object + provisioningInterface: + description: ProvisioningInterface - Optional. If not provided along + with ProvisionServerName, it would be discovered from CBO. This + is the provisioning interface on the OCP masters/workers. + type: string + required: + - cloudUserName + - ctlplaneInterface + - deploymentSSHSecret + type: object + status: + description: OpenStackBaremetalSetStatus defines the observed state of + OpenStackBaremetalSet + properties: + baremetalHosts: + additionalProperties: + description: HostStatus represents the IPStatus and provisioning + state + deployment information + properties: + annotatedForDeletion: + default: false + description: Host annotated for deletion + type: boolean + bmhRef: + default: unassigned + type: string + hostname: + type: string + ipAddresses: + additionalProperties: + type: string + type: object + networkDataSecretName: + type: string + provisioningState: + description: ProvisioningState - the overall state of a BMH + type: string + userDataSecretName: + type: string + required: + - annotatedForDeletion + - bmhRef + - hostname + - networkDataSecretName + - provisioningState + - userDataSecretName + type: object + description: BaremetalHosts that are being processed or have been + processed for this OpenStackBaremetalSet + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/baremetal.openstack.org_openstackprovisionservers.yaml b/bindata/crds/baremetal.openstack.org_openstackprovisionservers.yaml new file mode 100644 index 000000000..75aeac4d9 --- /dev/null +++ b/bindata/crds/baremetal.openstack.org_openstackprovisionservers.yaml @@ -0,0 +1,249 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: openstackprovisionservers.baremetal.openstack.org +spec: + group: baremetal.openstack.org + names: + kind: OpenStackProvisionServer + listKind: OpenStackProvisionServerList + plural: openstackprovisionservers + shortNames: + - osprovserver + - osprovservers + singular: openstackprovisionserver + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OpenStackProvisionServer used to serve custom images for baremetal + provisioning with Metal3 + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OpenStackProvisionServerSpec defines the desired state of + OpenStackProvisionServer + properties: + agentImageUrl: + description: AgentImageURL - Container image URL for the sidecar container + that discovers provisioning network IPs + type: string + apacheImageUrl: + description: ApacheImageURL - Container image URL for the main container + that serves the downloaded OS qcow2 image (osImage) + type: string + interface: + description: Interface - An optional interface to use instead of the + cluster's default provisioning interface (if any) + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this provision server + type: object + osContainerImageUrl: + description: OSContainerImageURL - Container image URL for init with + the OS qcow2 image (osImage) + type: string + osImage: + description: OSImage - OS qcow2 image (compressed as gz, or uncompressed) + type: string + osImageDir: + default: /usr/local/apache2/htdocs + description: OSImageDir - Directory on the container which holds the + OS qcow2 image and checksum + type: string + port: + description: Port - The port on which the Apache server should listen + format: int32 + maximum: 6220 + minimum: 6190 + type: integer + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + resources: + description: |- + Resources - Compute Resources required by this provision server (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - agentImageUrl + - apacheImageUrl + - osContainerImageUrl + - osImage + - osImageDir + type: object + status: + description: OpenStackProvisionServerStatus defines the observed state + of OpenStackProvisionServer + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + localImageChecksumUrl: + description: URL of provisioning image checksum on underlying Apache + web server + type: string + localImageUrl: + description: URL of provisioning image on underlying Apache web server + type: string + osImageChecksumFilename: + description: Filename of OSImage checksum + type: string + osImageChecksumType: + description: OSImage checksum type + enum: + - md5 + - sha256 + - sha512 + - auto + type: string + provisionIp: + description: IP of the provisioning interface on the node running + the ProvisionServer pod + type: string + readyCount: + description: ReadyCount of provision server Apache instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/cinder.openstack.org_cinderapis.yaml b/bindata/crds/cinder.openstack.org_cinderapis.yaml new file mode 100644 index 000000000..ba526c306 --- /dev/null +++ b/bindata/crds/cinder.openstack.org_cinderapis.yaml @@ -0,0 +1,740 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: cinderapis.cinder.openstack.org +spec: + group: cinder.openstack.org + names: + kind: CinderAPI + listKind: CinderAPIList + plural: cinderapis + singular: cinderapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: cinder + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: CinderPassword + properties: + service: + default: CinderPassword + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: cinder + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - databaseHostname + - secret + - serviceAccount + - transportURLSecret + type: object + status: + properties: + apiEndpoints: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + serviceIDs: + additionalProperties: + type: string + type: object + required: + - readyCount + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/cinder.openstack.org_cinderbackups.yaml b/bindata/crds/cinder.openstack.org_cinderbackups.yaml new file mode 100644 index 000000000..ca6f2ad77 --- /dev/null +++ b/bindata/crds/cinder.openstack.org_cinderbackups.yaml @@ -0,0 +1,666 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: cinderbackups.cinder.openstack.org +spec: + group: cinder.openstack.org + names: + kind: CinderBackup + listKind: CinderBackupList + plural: cinderbackups + singular: cinderbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: cinder + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: CinderPassword + properties: + service: + default: CinderPassword + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: cinder + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - databaseHostname + - secret + - serviceAccount + - transportURLSecret + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + required: + - readyCount + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/cinder.openstack.org_cinders.yaml b/bindata/crds/cinder.openstack.org_cinders.yaml new file mode 100644 index 000000000..fe74059b7 --- /dev/null +++ b/bindata/crds/cinder.openstack.org_cinders.yaml @@ -0,0 +1,956 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: cinders.cinder.openstack.org +spec: + group: cinder.openstack.org + names: + kind: Cinder + listKind: CinderList + plural: cinders + singular: cinder + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + apiTimeout: + default: 60 + minimum: 10 + type: integer + cinderAPI: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + required: + - containerImage + type: object + cinderBackup: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + cinderScheduler: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + cinderVolumes: + additionalProperties: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 1 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + type: object + customServiceConfig: + type: string + databaseAccount: + default: cinder + type: string + databaseInstance: + type: string + dbPurge: + properties: + age: + default: 30 + minimum: 1 + type: integer + schedule: + default: 1 0 * * * + type: string + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + memcachedInstance: + default: memcached + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: CinderPassword + properties: + service: + default: CinderPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceUser: + default: cinder + type: string + required: + - cinderAPI + - cinderScheduler + - databaseInstance + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + status: + properties: + apiEndpoints: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + cinderAPIReadyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + cinderBackupReadyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + cinderSchedulerReadyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + cinderVolumesReadyCounts: + additionalProperties: + format: int32 + type: integer + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + type: string + hash: + additionalProperties: + type: string + type: object + observedGeneration: + format: int64 + type: integer + serviceIDs: + additionalProperties: + type: string + type: object + transportURLSecret: + type: string + required: + - cinderAPIReadyCount + - cinderBackupReadyCount + - cinderSchedulerReadyCount + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/cinder.openstack.org_cinderschedulers.yaml b/bindata/crds/cinder.openstack.org_cinderschedulers.yaml new file mode 100644 index 000000000..13a099652 --- /dev/null +++ b/bindata/crds/cinder.openstack.org_cinderschedulers.yaml @@ -0,0 +1,666 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: cinderschedulers.cinder.openstack.org +spec: + group: cinder.openstack.org + names: + kind: CinderScheduler + listKind: CinderSchedulerList + plural: cinderschedulers + singular: cinderscheduler + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: cinder + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: CinderPassword + properties: + service: + default: CinderPassword + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: cinder + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - databaseHostname + - secret + - serviceAccount + - transportURLSecret + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + required: + - readyCount + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/cinder.openstack.org_cindervolumes.yaml b/bindata/crds/cinder.openstack.org_cindervolumes.yaml new file mode 100644 index 000000000..5df11c737 --- /dev/null +++ b/bindata/crds/cinder.openstack.org_cindervolumes.yaml @@ -0,0 +1,667 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: cindervolumes.cinder.openstack.org +spec: + group: cinder.openstack.org + names: + kind: CinderVolume + listKind: CinderVolumeList + plural: cindervolumes + singular: cindervolume + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: cinder + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: CinderPassword + properties: + service: + default: CinderPassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 1 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: cinder + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - databaseHostname + - secret + - serviceAccount + - transportURLSecret + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + required: + - readyCount + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/crds.yaml b/bindata/crds/crds.yaml new file mode 100644 index 000000000..ded3d3e49 --- /dev/null +++ b/bindata/crds/crds.yaml @@ -0,0 +1,18986 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstackclients.client.openstack.org +spec: + group: client.openstack.org + names: + kind: OpenStackClient + listKind: OpenStackClientList + plural: openstackclients + shortNames: + - osclient + - osclients + singular: openstackclient + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + caBundleSecretName: + type: string + containerImage: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + openStackConfigMap: + default: openstack-config + type: string + openStackConfigSecret: + default: openstack-config-secret + type: string + required: + - containerImage + - openStackConfigMap + - openStackConfigSecret + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + observedGeneration: + format: int64 + type: integer + podName: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstackcontrolplanes.core.openstack.org +spec: + group: core.openstack.org + names: + kind: OpenStackControlPlane + listKind: OpenStackControlPlaneList + plural: openstackcontrolplanes + shortNames: + - osctlplane + - osctlplanes + - oscp + - oscps + singular: openstackcontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + barbican: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + barbicanAPI: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + enableSecureRBAC: + default: true + type: boolean + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + barbicanKeystoneListener: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + barbicanWorker: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + customServiceConfig: + type: string + databaseAccount: + default: barbican + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + enabledSecretStores: + items: + enum: + - simple_crypto + - pkcs11 + type: string + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-type: set + globalDefaultSecretStore: + default: simple_crypto + enum: + - simple_crypto + - pkcs11 + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: BarbicanPassword + simplecryptokek: BarbicanSimpleCryptoKEK + properties: + service: + default: BarbicanPassword + type: string + simplecryptokek: + default: SimpleCryptoKEK + type: string + type: object + pkcs11: + properties: + AESGCMGenerateIV: + default: true + type: boolean + HMACKeyType: + default: CKK_GENERIC_SECRET + type: string + HMACKeygenMechanism: + default: CKM_GENERIC_SECRET_KEY_GEN + type: string + HMACLabel: + type: string + HMACMechanism: + default: CKM_SHA256_HMAC + type: string + MKEKLabel: + type: string + MKEKLength: + default: 32 + type: integer + OSLockingOK: + default: false + type: boolean + alwaysSetCKASensitive: + default: true + type: boolean + certificatesMountPoint: + type: string + certificatesSecret: + type: string + clientAddress: + type: string + encryptionMechanism: + default: CKM_AES_GCM + type: string + keyWrapGenerateIV: + default: true + type: boolean + keyWrapMechanism: + default: CKM_AES_KEY_WRAP_KWP + type: string + libraryPath: + type: string + loggingLevel: + default: 4 + maximum: 7 + minimum: 0 + type: integer + loginSecret: + type: string + serverAddress: + type: string + slotId: + type: string + tokenLabels: + type: string + tokenSerialNumber: + type: string + type: + type: string + required: + - HMACLabel + - MKEKLabel + - libraryPath + - loginSecret + - serverAddress + - type + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + default: osp-secret + type: string + serviceAccount: + type: string + serviceUser: + default: barbican + type: string + simpleCryptoBackendSecret: + default: osp-secret + type: string + required: + - barbicanAPI + - barbicanKeystoneListener + - barbicanWorker + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + type: object + cinder: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + apiTimeout: + default: 60 + minimum: 10 + type: integer + cinderAPI: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + cinderBackup: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + cinderScheduler: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + cinderVolumes: + additionalProperties: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 1 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: object + customServiceConfig: + type: string + databaseAccount: + default: cinder + type: string + databaseInstance: + type: string + dbPurge: + properties: + age: + default: 30 + minimum: 1 + type: integer + schedule: + default: 1 0 * * * + type: string + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + memcachedInstance: + default: memcached + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: CinderPassword + properties: + service: + default: CinderPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceUser: + default: cinder + type: string + required: + - cinderAPI + - cinderScheduler + - databaseInstance + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + uniquePodNames: + default: false + type: boolean + type: object + designate: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: false + type: boolean + template: + properties: + backendMdnsServerProtocol: + type: string + backendType: + type: string + backendWorkerServerProtocol: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: designate + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + designateAPI: + properties: + backendMdnsServerProtocol: + type: string + backendType: + type: string + backendWorkerServerProtocol: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: designate + type: string + databaseHostname: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: DesignatePassword + properties: + service: + default: DesignatePassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: designate + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + type: object + designateBackendbind9: + properties: + backendMdnsServerProtocol: + type: string + backendType: + type: string + backendWorkerServerProtocol: + type: string + controlNetworkName: + default: designate + type: string + customBindOptions: + items: + type: string + type: array + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: designate + type: string + databaseHostname: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: DesignatePassword + properties: + service: + default: DesignatePassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: designate + type: string + storageClass: + type: string + storageRequest: + type: string + transportURLSecret: + type: string + type: object + designateCentral: + properties: + backendMdnsServerProtocol: + type: string + backendType: + type: string + backendWorkerServerProtocol: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: designate + type: string + databaseHostname: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: DesignatePassword + properties: + service: + default: DesignatePassword + type: string + type: object + redisHostIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: designate + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + type: object + designateMdns: + properties: + backendMdnsServerProtocol: + type: string + backendType: + type: string + backendWorkerServerProtocol: + type: string + controlNetworkName: + default: designate + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: designate + type: string + databaseHostname: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: DesignatePassword + properties: + service: + default: DesignatePassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: designate + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + type: object + designateNetworkAttachment: + default: designate + type: string + designateProducer: + properties: + backendMdnsServerProtocol: + type: string + backendType: + type: string + backendWorkerServerProtocol: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: designate + type: string + databaseHostname: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: DesignatePassword + properties: + service: + default: DesignatePassword + type: string + type: object + redisHostIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: designate + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + type: object + designateUnbound: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + serviceAccount: + type: string + type: object + designateWorker: + properties: + backendMdnsServerProtocol: + type: string + backendType: + type: string + backendWorkerServerProtocol: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: designate + type: string + databaseHostname: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: DesignatePassword + properties: + service: + default: DesignatePassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: designate + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: DesignatePassword + properties: + service: + default: DesignatePassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + redisServiceName: + default: designate-redis + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceUser: + default: designate + type: string + required: + - databaseInstance + - designateAPI + - designateBackendbind9 + - designateCentral + - designateMdns + - designateProducer + - designateWorker + - rabbitMqClusterName + - secret + type: object + type: object + dns: + properties: + enabled: + default: true + type: boolean + template: + properties: + containerImage: + type: string + dnsDataLabelSelectorValue: + default: dnsdata + type: string + nodeSelector: + additionalProperties: + type: string + type: object + options: + items: + properties: + key: + enum: + - server + - rev-server + - srv-host + - txt-record + - ptr-record + - rebind-domain-ok + - naptr-record + - cname + - host-record + - caa-record + - dns-rr + - auth-zone + - synth-domain + - no-negcache + - local + type: string + values: + items: + type: string + type: array + required: + - key + - values + type: object + type: array + override: + properties: + service: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + type: integer + type: object + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + galera: + properties: + enabled: + default: true + type: boolean + templates: + additionalProperties: + properties: + customServiceConfig: + type: string + disableNonTLSListeners: + type: boolean + logToDisk: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 3 + minimum: 0 + type: integer + secret: + type: string + storageClass: + type: string + storageRequest: + type: string + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + required: + - replicas + - secret + - storageClass + - storageRequest + type: object + type: object + type: object + glance: + properties: + apiOverrides: + additionalProperties: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + apiTimeout: + default: 60 + minimum: 1 + type: integer + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: glance + type: string + databaseInstance: + type: string + dbPurge: + properties: + age: + default: 30 + minimum: 1 + type: integer + schedule: + default: 1 0 * * * + type: string + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + glanceAPIs: + additionalProperties: + properties: + apiTimeout: + minimum: 1 + type: integer + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + imageCache: + properties: + cleanerScheduler: + default: '*/30 * * * *' + type: string + prunerScheduler: + default: 1 0 * * * + type: string + size: + default: "" + type: string + required: + - size + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + storage: + properties: + external: + type: boolean + storageClass: + type: string + storageRequest: + type: string + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: + default: split + enum: + - split + - single + - edge + type: string + required: + - containerImage + type: object + default: {} + type: object + imageCache: + properties: + cleanerScheduler: + default: '*/30 * * * *' + type: string + prunerScheduler: + default: 1 0 * * * + type: string + size: + default: "" + type: string + required: + - size + type: object + keystoneEndpoint: + default: "" + type: string + memcachedInstance: + default: memcached + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: GlancePassword + properties: + service: + default: GlancePassword + type: string + type: object + preserveJobs: + default: false + type: boolean + quotas: + properties: + imageCountTotal: + default: 0 + type: integer + imageCountUpload: + default: 0 + type: integer + imageSizeTotal: + default: 0 + type: integer + imageStageTotal: + default: 0 + type: integer + required: + - imageCountTotal + - imageCountUpload + - imageSizeTotal + - imageStageTotal + type: object + secret: + type: string + serviceUser: + default: glance + type: string + storage: + properties: + external: + type: boolean + storageClass: + type: string + storageRequest: + type: string + type: object + required: + - databaseInstance + - glanceAPIs + - imageCache + - keystoneEndpoint + - memcachedInstance + - secret + type: object + uniquePodNames: + default: false + type: boolean + type: object + heat: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + cnfAPIOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: false + type: boolean + template: + properties: + apiTimeout: + default: 600 + minimum: 60 + type: integer + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: heat + type: string + databaseInstance: + default: openstack + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + heatAPI: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + heatCfnAPI: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + heatEngine: + properties: + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + memcachedInstance: + default: memcached + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + authEncryptionKey: HeatAuthEncryptionKey + service: HeatPassword + properties: + authEncryptionKey: + default: HeatAuthEncryptionKey + type: string + service: + default: HeatPassword + type: string + stackDomainAdminPassword: + default: HeatStackDomainAdminPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceUser: + default: heat + type: string + required: + - databaseInstance + - heatAPI + - heatCfnAPI + - heatEngine + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + type: object + horizon: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: false + type: boolean + template: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + extraMounts: + default: [] + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + memcachedInstance: + default: memcached + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + preserveJobs: + default: false + type: boolean + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + required: + - memcachedInstance + - secret + type: object + type: object + ironic: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: false + type: boolean + inspectorOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + template: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: ironic + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + ironicAPI: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + ironicConductors: + items: + properties: + conductorGroup: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + dhcpRanges: + items: + properties: + cidr: + type: string + end: + type: string + gateway: + type: string + mtu: + type: integer + name: + type: string + podIndex: + type: integer + start: + type: string + required: + - cidr + - end + - start + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + provisionNetwork: + type: string + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + storageClass: + default: "" + type: string + storageRequest: + type: string + required: + - storageClass + - storageRequest + type: object + type: array + ironicInspector: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: ironic-inspector + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + dhcpRanges: + items: + properties: + cidr: + type: string + end: + type: string + gateway: + type: string + mtu: + type: integer + name: + type: string + podIndex: + type: integer + start: + type: string + required: + - cidr + - end + - start + type: object + type: array + inspectionNetwork: + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: IronicInspectorPassword + properties: + service: + default: IronicInspectorPassword + type: string + type: object + preserveJobs: + default: true + type: boolean + replicas: + default: 1 + format: int32 + maximum: 1 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + serviceUser: + default: ironic-inspector + type: string + storageClass: + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + ironicNeutronAgent: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + rabbitMqClusterName: + default: rabbitmq + type: string + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: IronicPassword + properties: + service: + default: IronicPassword + type: string + type: object + preserveJobs: + default: true + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + rpcTransport: + type: string + secret: + type: string + serviceUser: + default: ironic + type: string + standalone: + default: false + type: boolean + storageClass: + default: "" + type: string + required: + - databaseInstance + - ironicAPI + - ironicInspector + - ironicNeutronAgent + - secret + - storageClass + type: object + type: object + keystone: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + adminProject: + default: admin + type: string + adminUser: + default: admin + type: string + customServiceConfig: + type: string + databaseAccount: + default: keystone + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + enableSecureRBAC: + default: true + type: boolean + fernetMaxActiveKeys: + default: 5 + format: int32 + minimum: 3 + type: integer + fernetRotationDays: + default: 1 + format: int32 + minimum: 1 + type: integer + httpdCustomization: + properties: + processNumber: + default: 3 + format: int32 + minimum: 1 + type: integer + type: object + memcachedInstance: + default: memcached + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + admin: AdminPassword + properties: + admin: + default: AdminPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + region: + default: regionOne + type: string + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + trustFlushArgs: + default: "" + type: string + trustFlushSchedule: + default: 1 * * * * + type: string + trustFlushSuspend: + default: false + type: boolean + required: + - databaseInstance + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + type: object + manila: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: false + type: boolean + template: + properties: + apiTimeout: + default: 60 + minimum: 10 + type: integer + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: manila + type: string + databaseInstance: + type: string + dbPurge: + properties: + age: + default: 30 + minimum: 1 + type: integer + schedule: + default: 1 0 * * * + type: string + type: object + debug: + properties: + dbPurge: + default: false + type: boolean + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + manilaAPI: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + manilaScheduler: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + manilaShares: + additionalProperties: + properties: + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: object + memcachedInstance: + default: memcached + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: ManilaPassword + properties: + service: + default: ManilaPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceUser: + default: manila + type: string + required: + - manilaAPI + - manilaScheduler + - memcachedInstance + - rabbitMqClusterName + type: object + type: object + memcached: + properties: + enabled: + default: true + type: boolean + templates: + additionalProperties: + properties: + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 1 + type: integer + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + required: + - replicas + type: object + type: object + type: object + neutron: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + apiTimeout: + default: 120 + minimum: 1 + type: integer + corePlugin: + default: ml2 + type: string + customServiceConfig: + type: string + databaseAccount: + default: neutron + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + memcachedInstance: + default: memcached + type: string + ml2MechanismDrivers: + default: + - ovn + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: NeutronPassword + properties: + service: + default: NeutronPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceUser: + default: neutron + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + ovn: + properties: + secretName: + type: string + type: object + type: object + required: + - databaseInstance + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + nova: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + cellOverride: + additionalProperties: + properties: + noVNCProxy: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') + && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + apiContainerImageURL: + type: string + apiDatabaseAccount: + default: nova-api + type: string + apiDatabaseInstance: + default: openstack + type: string + apiMessageBusInstance: + default: rabbitmq + type: string + apiServiceTemplate: + default: + replicas: 1 + properties: + customServiceConfig: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: object + cellTemplates: + additionalProperties: + properties: + cellDatabaseAccount: + type: string + cellDatabaseInstance: + default: openstack + type: string + cellMessageBusInstance: + default: rabbitmq + type: string + conductorServiceTemplate: + properties: + customServiceConfig: + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + dbPurge: + properties: + archiveAge: + default: 30 + minimum: 1 + type: integer + purgeAge: + default: 90 + minimum: 1 + type: integer + schedule: + default: 0 0 * * * + type: string + type: object + hasAPIAccess: + type: boolean + memcachedInstance: + type: string + metadataServiceTemplate: + properties: + customServiceConfig: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + enabled: + type: boolean + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + type: object + noVNCProxyServiceTemplate: + properties: + customServiceConfig: + type: string + enabled: + type: boolean + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + caBundleSecretName: + type: string + service: + properties: + secretName: + type: string + type: object + vencrypt: + properties: + secretName: + type: string + type: object + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + novaComputeTemplates: + additionalProperties: + properties: + computeDriver: + enum: + - ironic.IronicDriver + - fake.FakeDriver + type: string + customServiceConfig: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - computeDriver + type: object + type: object + required: + - cellDatabaseAccount + - hasAPIAccess + type: object + default: + cell0: + cellDatabaseAccount: nova-cell0 + hasAPIAccess: true + cell1: + cellDatabaseAccount: nova-cell1 + cellDatabaseInstance: openstack-cell1 + cellMessageBusInstance: rabbitmq-cell1 + hasAPIAccess: true + type: object + computeContainerImageURL: + type: string + conductorContainerImageURL: + type: string + keystoneInstance: + default: keystone + type: string + memcachedInstance: + default: memcached + type: string + metadataContainerImageURL: + type: string + metadataServiceTemplate: + default: + enabled: true + properties: + customServiceConfig: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + enabled: + type: boolean + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + novncproxyContainerImageURL: + type: string + passwordSelectors: + default: + service: NovaPassword + properties: + metadataSecret: + default: MetadataSecret + type: string + prefixMetadataCellsSecret: + default: MetadataCellsSecret + type: string + service: + default: NovaPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + schedulerContainerImageURL: + type: string + schedulerServiceTemplate: + default: + replicas: 1 + properties: + customServiceConfig: + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + secret: + type: string + serviceUser: + default: nova + type: string + required: + - apiContainerImageURL + - computeContainerImageURL + - conductorContainerImageURL + - metadataContainerImageURL + - novncproxyContainerImageURL + - schedulerContainerImageURL + - secret + type: object + type: object + octavia: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: false + type: boolean + template: + properties: + amphoraCustomFlavors: + default: [] + items: + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageContainerImage: + type: string + apacheContainerImage: + type: string + apiTimeout: + default: 120 + type: integer + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: octavia + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + lbMgmtNetwork: + default: + createDefaultLbMgmtNetwork: true + manageLbMgmtNetworks: true + properties: + availabilityZoneCIDRs: + additionalProperties: + type: string + type: object + availabilityZones: + items: + type: string + type: array + createDefaultLbMgmtNetwork: + default: true + type: boolean + lbMgmtRouterGateway: + type: string + manageLbMgmtNetworks: + default: true + type: boolean + type: object + nodeSelector: + additionalProperties: + type: string + type: object + octaviaAPI: + properties: + apiTimeout: + type: integer + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: octavia + type: string + databaseHostname: + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: OctaviaPassword + properties: + database: + default: OctaviaDatabasePassword + type: string + service: + default: OctaviaPassword + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + type: string + preserveJobs: + default: false + type: boolean + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: octavia + type: string + tenantName: + default: service + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + ovn: + properties: + secretName: + type: string + type: object + type: object + transportURLSecret: + type: string + required: + - databaseInstance + - secret + - serviceAccount + type: object + octaviaHealthManager: + properties: + amphoraCustomFlavors: + default: [] + items: + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageOwnerID: + default: "" + type: string + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: octavia + type: string + databaseHostname: + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + lbMgmtNetworkID: + default: "" + type: string + lbSecurityGroupID: + default: "" + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + octaviaProviderSubnetCIDR: + type: string + octaviaProviderSubnetExtraCIDRs: + items: + type: string + type: array + octaviaProviderSubnetGateway: + type: string + passwordSelectors: + default: + service: OctaviaPassword + properties: + database: + default: OctaviaDatabasePassword + type: string + service: + default: OctaviaPassword + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + role: + type: string + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: octavia + type: string + tenantName: + default: service + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - databaseInstance + - role + - secret + - serviceAccount + type: object + octaviaHousekeeping: + properties: + amphoraCustomFlavors: + default: [] + items: + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageOwnerID: + default: "" + type: string + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: octavia + type: string + databaseHostname: + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + lbMgmtNetworkID: + default: "" + type: string + lbSecurityGroupID: + default: "" + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + octaviaProviderSubnetCIDR: + type: string + octaviaProviderSubnetExtraCIDRs: + items: + type: string + type: array + octaviaProviderSubnetGateway: + type: string + passwordSelectors: + default: + service: OctaviaPassword + properties: + database: + default: OctaviaDatabasePassword + type: string + service: + default: OctaviaPassword + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + role: + type: string + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: octavia + type: string + tenantName: + default: service + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - databaseInstance + - role + - secret + - serviceAccount + type: object + octaviaNetworkAttachment: + default: octavia + type: string + octaviaRsyslog: + properties: + adminLogTargets: + items: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + required: + - host + - port + - protocol + type: object + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + default: + - octavia + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + serviceAccount: + type: string + serviceUser: + default: octavia + type: string + tenantLogTargets: + items: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + required: + - host + - port + - protocol + type: object + type: array + required: + - serviceAccount + type: object + octaviaWorker: + properties: + amphoraCustomFlavors: + default: [] + items: + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageOwnerID: + default: "" + type: string + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: octavia + type: string + databaseHostname: + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + lbMgmtNetworkID: + default: "" + type: string + lbSecurityGroupID: + default: "" + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + octaviaProviderSubnetCIDR: + type: string + octaviaProviderSubnetExtraCIDRs: + items: + type: string + type: array + octaviaProviderSubnetGateway: + type: string + passwordSelectors: + default: + service: OctaviaPassword + properties: + database: + default: OctaviaDatabasePassword + type: string + service: + default: OctaviaPassword + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + role: + type: string + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: octavia + type: string + tenantName: + default: service + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - databaseInstance + - role + - secret + - serviceAccount + type: object + passwordSelectors: + default: + service: OctaviaPassword + properties: + database: + default: OctaviaDatabasePassword + type: string + service: + default: OctaviaPassword + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + type: string + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceUser: + default: octavia + type: string + sshPrivkeySecret: + default: octavia-ssh-privkey-secret + type: string + sshPubkey: + default: octavia-ssh-pubkey + type: string + tenantName: + default: service + type: string + required: + - apacheContainerImage + - databaseInstance + - octaviaAPI + - octaviaNetworkAttachment + - rabbitMqClusterName + - secret + type: object + type: object + openstackclient: + properties: + template: + properties: + caBundleSecretName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + openStackConfigMap: + default: openstack-config + type: string + openStackConfigSecret: + default: openstack-config-secret + type: string + required: + - openStackConfigMap + - openStackConfigSecret + type: object + type: object + ovn: + properties: + enabled: + default: true + type: boolean + template: + properties: + ovnController: + properties: + external-ids: + default: {} + properties: + availability-zones: + default: [] + items: + type: string + type: array + enable-chassis-as-gateway: + default: true + type: boolean + ovn-bridge: + default: br-int + type: string + ovn-encap-type: + default: geneve + enum: + - geneve + - vxlan + type: string + system-id: + default: random + type: string + type: object + networkAttachment: + type: string + nicMappings: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + type: object + ovnDBCluster: + additionalProperties: + properties: + dbType: + default: NB + pattern: ^NB|SB$ + type: string + electionTimer: + default: 10000 + format: int32 + type: integer + inactivityProbe: + default: 60000 + format: int32 + type: integer + logLevel: + default: info + type: string + networkAttachment: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + probeIntervalToActive: + default: 60000 + format: int32 + type: integer + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + storageClass: + type: string + storageRequest: + type: string + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + required: + - dbType + - storageRequest + type: object + type: object + ovnNorthd: + properties: + logLevel: + default: info + type: string + nThreads: + default: 1 + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + type: object + type: object + type: object + placement: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + customServiceConfig: + type: string + databaseAccount: + default: placement + type: string + databaseInstance: + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: PlacementPassword + properties: + service: + default: PlacementPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceUser: + default: placement + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + required: + - databaseInstance + - secret + type: object + type: object + rabbitmq: + properties: + enabled: + default: true + type: boolean + templates: + additionalProperties: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + delayStartSeconds: + default: 30 + format: int32 + minimum: 0 + type: integer + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + allocateLoadBalancerNodePorts: + type: boolean + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + type: string + ipFamilies: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + statefulSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + persistentVolumeClaimRetentionPolicy: + properties: + whenDeleted: + type: string + whenScaled: + type: string + type: object + podManagementPolicy: + type: string + replicas: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + serviceName: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + partition: + format: int32 + type: integer + type: object + type: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: array + type: object + type: object + type: object + persistence: + default: + storage: 10Gi + properties: + storage: + anyOf: + - type: integer + - type: string + default: 10Gi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClassName: + type: string + type: object + rabbitmq: + properties: + additionalConfig: + maxLength: 2000 + type: string + additionalPlugins: + items: + maxLength: 100 + pattern: ^\w+$ + type: string + maxItems: 100 + type: array + advancedConfig: + maxLength: 100000 + type: string + envConfig: + maxLength: 100000 + type: string + erlangInetConfig: + maxLength: 2000 + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + default: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 1000m + memory: 2Gi + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secretBackend: + properties: + externalSecret: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + vault: + properties: + annotations: + additionalProperties: + type: string + type: object + defaultUserPath: + type: string + defaultUserUpdaterImage: + type: string + role: + type: string + tls: + properties: + altNames: + type: string + commonName: + type: string + ipSans: + type: string + pkiIssuerPath: + type: string + pkiRootPath: + type: string + type: object + type: object + type: object + service: + properties: + annotations: + additionalProperties: + type: string + type: object + ipFamilyPolicy: + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + type: string + type: + default: ClusterIP + enum: + - ClusterIP + - LoadBalancer + - NodePort + type: string + type: object + skipPostDeploySteps: + type: boolean + terminationGracePeriodSeconds: + default: 604800 + format: int64 + minimum: 0 + type: integer + tls: + properties: + caSecretName: + type: string + disableNonTLSListeners: + type: boolean + secretName: + type: string + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + type: object + type: object + redis: + properties: + enabled: + default: false + type: boolean + templates: + additionalProperties: + properties: + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + type: integer + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + type: object + type: object + type: object + secret: + type: string + storageClass: + type: string + swift: + properties: + enabled: + default: true + type: boolean + proxyOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + template: + properties: + memcachedInstance: + default: memcached + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + storageClass: + default: "" + type: string + swiftProxy: + properties: + ceilometerEnabled: + default: false + type: boolean + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + encryptionEnabled: + default: false + type: boolean + memcachedInstance: + default: memcached + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: SwiftPassword + properties: + service: + default: SwiftPassword + type: string + type: object + rabbitMqClusterName: + default: rabbitmq + type: string + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + secret: + default: osp-secret + type: string + serviceUser: + default: swift + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + required: + - memcachedInstance + - rabbitMqClusterName + - replicas + - secret + - serviceUser + type: object + swiftRing: + properties: + minPartHours: + default: 1 + format: int64 + minimum: 1 + type: integer + nodeSelector: + additionalProperties: + type: string + type: object + partPower: + default: 10 + format: int64 + minimum: 1 + type: integer + ringReplicas: + default: 1 + format: int64 + minimum: 1 + type: integer + tls: + properties: + caBundleSecretName: + type: string + type: object + required: + - minPartHours + - partPower + - ringReplicas + type: object + swiftStorage: + properties: + containerSharderEnabled: + default: false + type: boolean + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + memcachedInstance: + default: memcached + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + storageClass: + default: "" + type: string + storageRequest: + default: 10Gi + type: string + required: + - memcachedInstance + - replicas + - storageClass + - storageRequest + type: object + required: + - memcachedInstance + - storageClass + - swiftProxy + - swiftRing + - swiftStorage + type: object + type: object + telemetry: + properties: + alertmanagerOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + aodhApiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + prometheusOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + externalCertificate: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + enum: + - Allow + - None + - Redirect + - "" + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: 'cannot have both spec.tls.termination: + passthrough and spec.tls.insecureEdgeTerminationPolicy: + Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + template: + properties: + autoscaling: + properties: + aodh: + default: + databaseAccount: aodh + databaseInstance: openstack + memcachedInstance: memcached + passwordSelector: + aodhService: AodhPassword + rabbitMqClusterName: rabbitmq + secret: osp-secret + serviceUser: aodh + properties: + apiTimeout: + default: 60 + type: integer + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: aodh + type: string + databaseInstance: + default: openstack + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + memcachedInstance: + default: memcached + type: string + networkAttachmentDefinitions: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelector: + default: + aodhService: AodhPassword + properties: + aodhService: + default: AodhPassword + type: string + ceilometerService: + default: CeilometerPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + default: osp-secret + type: string + serviceUser: + default: aodh + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + required: + - databaseInstance + - secret + type: object + enabled: + default: false + type: boolean + heatInstance: + default: heat + type: string + prometheusHost: + type: string + prometheusPort: + format: int32 + maximum: 65535 + minimum: 1 + type: integer + prometheusTLSCaCertSecret: + nullable: true + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - heatInstance + type: object + ceilometer: + properties: + apiTimeout: + default: 60 + type: integer + customServiceConfig: + default: '# add your customization here' + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + enabled: + default: true + type: boolean + ksmTls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + mysqldExporterDatabaseAccountPrefix: + default: mysqld-exporter + type: string + mysqldExporterEnabled: + type: boolean + mysqldExporterTLS: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + networkAttachmentDefinitions: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelector: + default: + ceilometerService: CeilometerPassword + properties: + aodhService: + default: AodhPassword + type: string + ceilometerService: + default: CeilometerPassword + type: string + type: object + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + default: osp-secret + type: string + serviceUser: + default: ceilometer + type: string + tls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + required: + - secret + type: object + logging: + properties: + annotations: + additionalProperties: + type: string + default: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + type: object + cloNamespace: + default: openshift-logging + type: string + enabled: + default: true + type: boolean + port: + default: 10514 + format: int32 + type: integer + rsyslogQueueSize: + default: 10000 + format: int32 + type: integer + rsyslogQueueType: + default: linkedList + type: string + rsyslogRetries: + default: 100 + format: int32 + type: integer + targetPort: + default: 10514 + type: integer + required: + - rsyslogQueueType + type: object + metricStorage: + properties: + customMonitoringStack: + nullable: true + properties: + alertmanagerConfig: + default: + disabled: false + properties: + disabled: + default: false + type: boolean + type: object + logLevel: + default: info + enum: + - debug + - info + - warn + - error + type: string + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + prometheusConfig: + default: + replicas: 2 + properties: + enableOtlpHttpReceiver: + type: boolean + enableRemoteWriteReceiver: + type: boolean + externalLabels: + additionalProperties: + type: string + type: object + persistentVolumeClaim: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + remoteWrite: + items: + properties: + authorization: + properties: + credentials: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + type: string + type: + type: string + type: object + azureAd: + properties: + cloud: + enum: + - AzureChina + - AzureGovernment + - AzurePublic + type: string + managedIdentity: + properties: + clientId: + type: string + required: + - clientId + type: object + oauth: + properties: + clientId: + minLength: 1 + type: string + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tenantId: + minLength: 1 + pattern: ^[0-9a-zA-Z-.]+$ + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + type: object + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + type: string + bearerTokenFile: + type: string + enableHTTP2: + type: boolean + headers: + additionalProperties: + type: string + type: object + metadataConfig: + properties: + send: + type: boolean + sendInterval: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + name: + type: string + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: + type: string + queueConfig: + properties: + batchSendDeadline: + type: string + capacity: + type: integer + maxBackoff: + type: string + maxRetries: + type: integer + maxSamplesPerSend: + type: integer + maxShards: + type: integer + minBackoff: + type: string + minShards: + type: integer + retryOnRateLimit: + type: boolean + type: object + remoteTimeout: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + sendExemplars: + type: boolean + sendNativeHistograms: + type: boolean + sigv4: + properties: + accessKey: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + type: string + region: + type: string + roleArn: + type: string + secretKey: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + url: + type: string + writeRelabelConfigs: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + required: + - url + type: object + type: array + replicas: + default: 2 + format: int32 + minimum: 0 + type: integer + scrapeInterval: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + resourceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + resources: + default: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + retention: + default: 120h + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + dashboardsEnabled: + default: false + type: boolean + dataplaneNetwork: + default: ctlplane + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + enabled: + default: false + type: boolean + monitoringStack: + nullable: true + properties: + alertingEnabled: + default: true + type: boolean + scrapeInterval: + default: 30s + type: string + storage: + default: + persistent: + pvcStorageRequest: 20G + retention: 24h + strategy: persistent + properties: + persistent: + properties: + pvcStorageClass: + type: string + pvcStorageRequest: + default: 20G + type: string + pvcStorageSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + retention: + default: 24h + type: string + strategy: + default: persistent + enum: + - persistent + - ephemeral + type: string + type: object + type: object + prometheusTls: + properties: + caBundleSecretName: + type: string + secretName: + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: object + tls: + default: + ingress: + ca: + duration: 87600h + cert: + duration: 43800h + enabled: true + podLevel: + enabled: true + internal: + ca: + duration: 87600h + cert: + duration: 43800h + libvirt: + ca: + duration: 87600h + cert: + duration: 43800h + ovn: + ca: + duration: 87600h + cert: + duration: 43800h + properties: + caBundleSecretName: + type: string + ingress: + default: + ca: + duration: 87600h + cert: + duration: 43800h + enabled: true + properties: + ca: + default: + duration: 87600h + properties: + customIssuer: + type: string + duration: + default: 87600h + type: string + renewBefore: + type: string + type: object + cert: + default: + duration: 43800h + properties: + duration: + default: 43800h + type: string + renewBefore: + type: string + type: object + enabled: + default: true + type: boolean + type: object + podLevel: + default: + enabled: true + internal: + ca: + duration: 87600h + cert: + duration: 43800h + libvirt: + ca: + duration: 87600h + cert: + duration: 43800h + ovn: + ca: + duration: 87600h + cert: + duration: 43800h + properties: + enabled: + default: true + type: boolean + internal: + default: + ca: + duration: 87600h + cert: + duration: 43800h + properties: + ca: + default: + duration: 87600h + properties: + customIssuer: + type: string + duration: + default: 87600h + type: string + renewBefore: + type: string + type: object + cert: + default: + duration: 43800h + properties: + duration: + default: 43800h + type: string + renewBefore: + type: string + type: object + type: object + libvirt: + default: + ca: + duration: 87600h + cert: + duration: 43800h + properties: + ca: + default: + duration: 87600h + properties: + customIssuer: + type: string + duration: + default: 87600h + type: string + renewBefore: + type: string + type: object + cert: + default: + duration: 43800h + properties: + duration: + default: 43800h + type: string + renewBefore: + type: string + type: object + type: object + ovn: + default: + ca: + duration: 87600h + cert: + duration: 43800h + properties: + ca: + default: + duration: 87600h + properties: + customIssuer: + type: string + duration: + default: 87600h + type: string + renewBefore: + type: string + type: object + cert: + default: + duration: 43800h + properties: + duration: + default: 43800h + type: string + renewBefore: + type: string + type: object + type: object + type: object + type: object + required: + - secret + - storageClass + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + containerImages: + properties: + agentImage: + type: string + ansibleeeImage: + type: string + aodhAPIImage: + type: string + aodhEvaluatorImage: + type: string + aodhListenerImage: + type: string + aodhNotifierImage: + type: string + apacheImage: + type: string + barbicanAPIImage: + type: string + barbicanKeystoneListenerImage: + type: string + barbicanWorkerImage: + type: string + ceilometerCentralImage: + type: string + ceilometerComputeImage: + type: string + ceilometerIpmiImage: + type: string + ceilometerNotificationImage: + type: string + ceilometerProxyImage: + type: string + ceilometerSgcoreImage: + type: string + cinderAPIImage: + type: string + cinderBackupImage: + type: string + cinderSchedulerImage: + type: string + cinderVolumeImages: + additionalProperties: + type: string + type: object + designateAPIImage: + type: string + designateBackendbind9Image: + type: string + designateCentralImage: + type: string + designateMdnsImage: + type: string + designateProducerImage: + type: string + designateUnboundImage: + type: string + designateWorkerImage: + type: string + edpmFrrImage: + type: string + edpmIscsidImage: + type: string + edpmKeplerImage: + type: string + edpmLogrotateCrondImage: + type: string + edpmMultipathdImage: + type: string + edpmNeutronDhcpAgentImage: + type: string + edpmNeutronMetadataAgentImage: + type: string + edpmNeutronOvnAgentImage: + type: string + edpmNeutronSriovAgentImage: + type: string + edpmNodeExporterImage: + type: string + edpmOvnBgpAgentImage: + type: string + glanceAPIImage: + type: string + heatAPIImage: + type: string + heatCfnapiImage: + type: string + heatEngineImage: + type: string + horizonImage: + type: string + infraDnsmasqImage: + type: string + infraMemcachedImage: + type: string + infraRedisImage: + type: string + ironicAPIImage: + type: string + ironicConductorImage: + type: string + ironicInspectorImage: + type: string + ironicNeutronAgentImage: + type: string + ironicPxeImage: + type: string + ironicPythonAgentImage: + type: string + keystoneAPIImage: + type: string + manilaAPIImage: + type: string + manilaSchedulerImage: + type: string + manilaShareImages: + additionalProperties: + type: string + type: object + mariadbImage: + type: string + neutronAPIImage: + type: string + novaAPIImage: + type: string + novaComputeImage: + type: string + novaConductorImage: + type: string + novaNovncImage: + type: string + novaSchedulerImage: + type: string + octaviaAPIImage: + type: string + octaviaApacheImage: + type: string + octaviaHealthmanagerImage: + type: string + octaviaHousekeepingImage: + type: string + octaviaWorkerImage: + type: string + openstackClientImage: + type: string + osContainerImage: + type: string + ovnControllerImage: + type: string + ovnControllerOvsImage: + type: string + ovnNbDbclusterImage: + type: string + ovnNorthdImage: + type: string + ovnSbDbclusterImage: + type: string + placementAPIImage: + type: string + rabbitmqImage: + type: string + swiftAccountImage: + type: string + swiftContainerImage: + type: string + swiftObjectImage: + type: string + swiftProxyImage: + type: string + telemetryNodeExporterImage: + type: string + testAnsibletestImage: + type: string + testHorizontestImage: + type: string + testTempestImage: + type: string + testTobikoImage: + type: string + type: object + deployedOVNVersion: + type: string + deployedVersion: + type: string + observedGeneration: + format: int64 + type: integer + tls: + properties: + caBundleSecretName: + type: string + caList: + items: + properties: + expires: + type: string + name: + type: string + required: + - expires + - name + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstackdataplanedeployments.dataplane.openstack.org +spec: + group: dataplane.openstack.org + names: + kind: OpenStackDataPlaneDeployment + listKind: OpenStackDataPlaneDeploymentList + plural: openstackdataplanedeployments + shortNames: + - osdpd + - osdpdeployment + - osdpdeployments + singular: openstackdataplanedeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NodeSets + jsonPath: .spec.nodeSets + name: NodeSets + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + ansibleExtraVars: + x-kubernetes-preserve-unknown-fields: true + ansibleJobNodeSelector: + additionalProperties: + type: string + type: object + ansibleLimit: + type: string + ansibleSkipTags: + type: string + ansibleTags: + type: string + backoffLimit: + default: 6 + format: int32 + type: integer + deploymentRequeueTime: + default: 15 + minimum: 1 + type: integer + nodeSets: + items: + type: string + minItems: 1 + type: array + preserveJobs: + default: true + enum: + - true + - false + type: boolean + servicesOverride: + items: + type: string + type: array + required: + - deploymentRequeueTime + - nodeSets + type: object + x-kubernetes-validations: + - message: OpenStackDataPlaneDeployment Spec is immutable + rule: self == oldSelf + status: + properties: + ansibleEEHashes: + additionalProperties: + type: string + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + configMapHashes: + additionalProperties: + type: string + type: object + containerImages: + additionalProperties: + type: string + type: object + deployed: + type: boolean + deployedVersion: + type: string + nodeSetConditions: + additionalProperties: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + nodeSetHashes: + additionalProperties: + type: string + type: object + observedGeneration: + format: int64 + type: integer + secretHashes: + additionalProperties: + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstackdataplanenodesets.dataplane.openstack.org +spec: + group: dataplane.openstack.org + names: + kind: OpenStackDataPlaneNodeSet + listKind: OpenStackDataPlaneNodeSetList + plural: openstackdataplanenodesets + shortNames: + - osdpns + - osdpnodeset + - osdpnodesets + singular: openstackdataplanenodeset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + baremetalSetTemplate: + properties: + agentImageUrl: + type: string + apacheImageUrl: + type: string + automatedCleaningMode: + default: metadata + enum: + - metadata + - disabled + type: string + baremetalHosts: + additionalProperties: + properties: + bmhLabelSelector: + additionalProperties: + type: string + type: object + ctlPlaneIP: + type: string + networkData: + properties: + name: + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + userData: + properties: + name: + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + bmhLabelSelector: + additionalProperties: + type: string + type: object + bmhNamespace: + default: openshift-machine-api + type: string + bootstrapDns: + items: + type: string + type: array + cloudUserName: + default: cloud-admin + type: string + ctlplaneGateway: + type: string + ctlplaneInterface: + type: string + ctlplaneNetmask: + default: 255.255.255.0 + type: string + deploymentSSHSecret: + type: string + dnsSearchDomains: + items: + type: string + type: array + domainName: + type: string + hardwareReqs: + properties: + cpuReqs: + properties: + arch: + enum: + - x86_64 + - ppc64le + type: string + countReq: + properties: + count: + minimum: 1 + type: integer + exactMatch: + type: boolean + type: object + mhzReq: + properties: + exactMatch: + type: boolean + mhz: + minimum: 1 + type: integer + type: object + type: object + diskReqs: + properties: + gbReq: + properties: + exactMatch: + type: boolean + gb: + minimum: 1 + type: integer + type: object + ssdReq: + properties: + exactMatch: + type: boolean + ssd: + type: boolean + type: object + type: object + memReqs: + properties: + gbReq: + properties: + exactMatch: + type: boolean + gb: + minimum: 1 + type: integer + type: object + type: object + type: object + osContainerImageUrl: + type: string + osImage: + type: string + passwordSecret: + properties: + name: + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + provisionServerName: + type: string + provisionServerNodeSelector: + additionalProperties: + type: string + type: object + provisioningInterface: + type: string + required: + - cloudUserName + - ctlplaneInterface + - deploymentSSHSecret + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeTemplate: + properties: + ansible: + properties: + ansibleHost: + type: string + ansiblePort: + type: integer + ansibleUser: + type: string + ansibleVars: + x-kubernetes-preserve-unknown-fields: true + ansibleVarsFrom: + items: + properties: + configMapRef: + properties: + name: + maxLength: 253 + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + maxLength: 253 + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + ansibleSSHPrivateKeySecret: + maxLength: 253 + type: string + extraMounts: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + managementNetwork: + default: ctlplane + type: string + networkData: + properties: + name: + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + networks: + items: + properties: + defaultRoute: + type: boolean + fixedIP: + type: string + name: + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + subnetName: + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + required: + - name + - subnetName + type: object + type: array + userData: + properties: + name: + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ansibleSSHPrivateKeySecret + type: object + nodes: + additionalProperties: + properties: + ansible: + properties: + ansibleHost: + type: string + ansiblePort: + type: integer + ansibleUser: + type: string + ansibleVars: + x-kubernetes-preserve-unknown-fields: true + ansibleVarsFrom: + items: + properties: + configMapRef: + properties: + name: + maxLength: 253 + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + maxLength: 253 + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + bmhLabelSelector: + additionalProperties: + type: string + type: object + hostName: + type: string + managementNetwork: + type: string + networkData: + properties: + name: + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + networks: + items: + properties: + defaultRoute: + type: boolean + fixedIP: + type: string + name: + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + subnetName: + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + required: + - name + - subnetName + type: object + type: array + userData: + properties: + name: + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + preProvisioned: + type: boolean + secretMaxSize: + default: 1048576 + type: integer + services: + default: + - download-cache + - bootstrap + - configure-network + - validate-network + - install-os + - configure-os + - ssh-known-hosts + - run-os + - reboot-os + - install-certs + - ovn + - neutron-metadata + - libvirt + - nova + - telemetry + items: + type: string + type: array + tags: + items: + type: string + type: array + tlsEnabled: + default: true + type: boolean + required: + - nodeTemplate + - nodes + type: object + status: + properties: + allHostnames: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + allIPs: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + configHash: + type: string + configMapHashes: + additionalProperties: + type: string + type: object + containerImages: + additionalProperties: + type: string + type: object + ctlplaneSearchDomain: + type: string + deployedConfigHash: + type: string + deployedVersion: + type: string + deploymentStatuses: + additionalProperties: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + dnsClusterAddresses: + items: + type: string + type: array + inventorySecretName: + type: string + observedGeneration: + format: int64 + type: integer + secretHashes: + additionalProperties: + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstackdataplaneservices.dataplane.openstack.org +spec: + group: dataplane.openstack.org + names: + kind: OpenStackDataPlaneService + listKind: OpenStackDataPlaneServiceList + plural: openstackdataplaneservices + shortNames: + - osdps + - osdpservice + - osdpservices + singular: openstackdataplaneservice + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + addCertMounts: + default: false + type: boolean + caCerts: + default: combined-ca-bundle + maxLength: 253 + type: string + certsFrom: + type: string + containerImageFields: + items: + type: string + type: array + dataSources: + items: + properties: + configMapRef: + properties: + name: + maxLength: 253 + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + maxLength: 253 + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + deployOnAllNodeSets: + type: boolean + edpmServiceType: + type: string + openStackAnsibleEERunnerImage: + type: string + playbook: + type: string + playbookContents: + type: string + tlsCerts: + additionalProperties: + properties: + contents: + items: + type: string + minItems: 1 + type: array + edpmRoleServiceName: + type: string + issuer: + type: string + keyUsages: + items: + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + networks: + items: + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + type: array + required: + - contents + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstackversions.core.openstack.org +spec: + group: core.openstack.org + names: + kind: OpenStackVersion + listKind: OpenStackVersionList + plural: openstackversions + singular: openstackversion + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.targetVersion + name: Target Version + type: string + - jsonPath: .status.availableVersion + name: Available Version + type: string + - jsonPath: .status.deployedVersion + name: Deployed Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + customContainerImages: + properties: + agentImage: + type: string + ansibleeeImage: + type: string + aodhAPIImage: + type: string + aodhEvaluatorImage: + type: string + aodhListenerImage: + type: string + aodhNotifierImage: + type: string + apacheImage: + type: string + barbicanAPIImage: + type: string + barbicanKeystoneListenerImage: + type: string + barbicanWorkerImage: + type: string + ceilometerCentralImage: + type: string + ceilometerComputeImage: + type: string + ceilometerIpmiImage: + type: string + ceilometerNotificationImage: + type: string + ceilometerSgcoreImage: + type: string + cinderAPIImage: + type: string + cinderBackupImage: + type: string + cinderSchedulerImage: + type: string + cinderVolumeImages: + additionalProperties: + type: string + type: object + designateAPIImage: + type: string + designateBackendbind9Image: + type: string + designateCentralImage: + type: string + designateMdnsImage: + type: string + designateProducerImage: + type: string + designateUnboundImage: + type: string + designateWorkerImage: + type: string + edpmFrrImage: + type: string + edpmIscsidImage: + type: string + edpmKeplerImage: + type: string + edpmLogrotateCrondImage: + type: string + edpmMultipathdImage: + type: string + edpmNeutronDhcpAgentImage: + type: string + edpmNeutronMetadataAgentImage: + type: string + edpmNeutronOvnAgentImage: + type: string + edpmNeutronSriovAgentImage: + type: string + edpmNodeExporterImage: + type: string + edpmOvnBgpAgentImage: + type: string + glanceAPIImage: + type: string + heatAPIImage: + type: string + heatCfnapiImage: + type: string + heatEngineImage: + type: string + horizonImage: + type: string + infraDnsmasqImage: + type: string + infraMemcachedImage: + type: string + infraRedisImage: + type: string + ironicAPIImage: + type: string + ironicConductorImage: + type: string + ironicInspectorImage: + type: string + ironicNeutronAgentImage: + type: string + ironicPxeImage: + type: string + ironicPythonAgentImage: + type: string + keystoneAPIImage: + type: string + manilaAPIImage: + type: string + manilaSchedulerImage: + type: string + manilaShareImages: + additionalProperties: + type: string + type: object + mariadbImage: + type: string + neutronAPIImage: + type: string + novaAPIImage: + type: string + novaComputeImage: + type: string + novaConductorImage: + type: string + novaNovncImage: + type: string + novaSchedulerImage: + type: string + octaviaAPIImage: + type: string + octaviaHealthmanagerImage: + type: string + octaviaHousekeepingImage: + type: string + octaviaWorkerImage: + type: string + openstackClientImage: + type: string + osContainerImage: + type: string + ovnControllerImage: + type: string + ovnControllerOvsImage: + type: string + ovnNbDbclusterImage: + type: string + ovnNorthdImage: + type: string + ovnSbDbclusterImage: + type: string + placementAPIImage: + type: string + rabbitmqImage: + type: string + swiftAccountImage: + type: string + swiftContainerImage: + type: string + swiftObjectImage: + type: string + swiftProxyImage: + type: string + telemetryNodeExporterImage: + type: string + testAnsibletestImage: + type: string + testHorizontestImage: + type: string + testTempestImage: + type: string + testTobikoImage: + type: string + type: object + targetVersion: + type: string + required: + - targetVersion + type: object + status: + properties: + availableVersion: + type: string + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + containerImageVersionDefaults: + additionalProperties: + properties: + agentImage: + type: string + ansibleeeImage: + type: string + aodhAPIImage: + type: string + aodhEvaluatorImage: + type: string + aodhListenerImage: + type: string + aodhNotifierImage: + type: string + apacheImage: + type: string + barbicanAPIImage: + type: string + barbicanKeystoneListenerImage: + type: string + barbicanWorkerImage: + type: string + ceilometerCentralImage: + type: string + ceilometerComputeImage: + type: string + ceilometerIpmiImage: + type: string + ceilometerNotificationImage: + type: string + ceilometerSgcoreImage: + type: string + cinderAPIImage: + type: string + cinderBackupImage: + type: string + cinderSchedulerImage: + type: string + cinderVolumeImage: + type: string + designateAPIImage: + type: string + designateBackendbind9Image: + type: string + designateCentralImage: + type: string + designateMdnsImage: + type: string + designateProducerImage: + type: string + designateUnboundImage: + type: string + designateWorkerImage: + type: string + edpmFrrImage: + type: string + edpmIscsidImage: + type: string + edpmKeplerImage: + type: string + edpmLogrotateCrondImage: + type: string + edpmMultipathdImage: + type: string + edpmNeutronDhcpAgentImage: + type: string + edpmNeutronMetadataAgentImage: + type: string + edpmNeutronOvnAgentImage: + type: string + edpmNeutronSriovAgentImage: + type: string + edpmNodeExporterImage: + type: string + edpmOvnBgpAgentImage: + type: string + glanceAPIImage: + type: string + heatAPIImage: + type: string + heatCfnapiImage: + type: string + heatEngineImage: + type: string + horizonImage: + type: string + infraDnsmasqImage: + type: string + infraMemcachedImage: + type: string + infraRedisImage: + type: string + ironicAPIImage: + type: string + ironicConductorImage: + type: string + ironicInspectorImage: + type: string + ironicNeutronAgentImage: + type: string + ironicPxeImage: + type: string + ironicPythonAgentImage: + type: string + keystoneAPIImage: + type: string + manilaAPIImage: + type: string + manilaSchedulerImage: + type: string + manilaShareImage: + type: string + mariadbImage: + type: string + neutronAPIImage: + type: string + novaAPIImage: + type: string + novaComputeImage: + type: string + novaConductorImage: + type: string + novaNovncImage: + type: string + novaSchedulerImage: + type: string + octaviaAPIImage: + type: string + octaviaHealthmanagerImage: + type: string + octaviaHousekeepingImage: + type: string + octaviaWorkerImage: + type: string + openstackClientImage: + type: string + osContainerImage: + type: string + ovnControllerImage: + type: string + ovnControllerOvsImage: + type: string + ovnNbDbclusterImage: + type: string + ovnNorthdImage: + type: string + ovnSbDbclusterImage: + type: string + placementAPIImage: + type: string + rabbitmqImage: + type: string + swiftAccountImage: + type: string + swiftContainerImage: + type: string + swiftObjectImage: + type: string + swiftProxyImage: + type: string + telemetryNodeExporterImage: + type: string + testAnsibletestImage: + type: string + testHorizontestImage: + type: string + testTempestImage: + type: string + testTobikoImage: + type: string + type: object + type: object + containerImages: + properties: + agentImage: + type: string + ansibleeeImage: + type: string + aodhAPIImage: + type: string + aodhEvaluatorImage: + type: string + aodhListenerImage: + type: string + aodhNotifierImage: + type: string + apacheImage: + type: string + barbicanAPIImage: + type: string + barbicanKeystoneListenerImage: + type: string + barbicanWorkerImage: + type: string + ceilometerCentralImage: + type: string + ceilometerComputeImage: + type: string + ceilometerIpmiImage: + type: string + ceilometerNotificationImage: + type: string + ceilometerProxyImage: + type: string + ceilometerSgcoreImage: + type: string + cinderAPIImage: + type: string + cinderBackupImage: + type: string + cinderSchedulerImage: + type: string + cinderVolumeImages: + additionalProperties: + type: string + type: object + designateAPIImage: + type: string + designateBackendbind9Image: + type: string + designateCentralImage: + type: string + designateMdnsImage: + type: string + designateProducerImage: + type: string + designateUnboundImage: + type: string + designateWorkerImage: + type: string + edpmFrrImage: + type: string + edpmIscsidImage: + type: string + edpmKeplerImage: + type: string + edpmLogrotateCrondImage: + type: string + edpmMultipathdImage: + type: string + edpmNeutronDhcpAgentImage: + type: string + edpmNeutronMetadataAgentImage: + type: string + edpmNeutronOvnAgentImage: + type: string + edpmNeutronSriovAgentImage: + type: string + edpmNodeExporterImage: + type: string + edpmOvnBgpAgentImage: + type: string + glanceAPIImage: + type: string + heatAPIImage: + type: string + heatCfnapiImage: + type: string + heatEngineImage: + type: string + horizonImage: + type: string + infraDnsmasqImage: + type: string + infraMemcachedImage: + type: string + infraRedisImage: + type: string + ironicAPIImage: + type: string + ironicConductorImage: + type: string + ironicInspectorImage: + type: string + ironicNeutronAgentImage: + type: string + ironicPxeImage: + type: string + ironicPythonAgentImage: + type: string + keystoneAPIImage: + type: string + manilaAPIImage: + type: string + manilaSchedulerImage: + type: string + manilaShareImages: + additionalProperties: + type: string + type: object + mariadbImage: + type: string + neutronAPIImage: + type: string + novaAPIImage: + type: string + novaComputeImage: + type: string + novaConductorImage: + type: string + novaNovncImage: + type: string + novaSchedulerImage: + type: string + octaviaAPIImage: + type: string + octaviaApacheImage: + type: string + octaviaHealthmanagerImage: + type: string + octaviaHousekeepingImage: + type: string + octaviaWorkerImage: + type: string + openstackClientImage: + type: string + osContainerImage: + type: string + ovnControllerImage: + type: string + ovnControllerOvsImage: + type: string + ovnNbDbclusterImage: + type: string + ovnNorthdImage: + type: string + ovnSbDbclusterImage: + type: string + placementAPIImage: + type: string + rabbitmqImage: + type: string + swiftAccountImage: + type: string + swiftContainerImage: + type: string + swiftObjectImage: + type: string + swiftProxyImage: + type: string + telemetryNodeExporterImage: + type: string + testAnsibletestImage: + type: string + testHorizontestImage: + type: string + testTempestImage: + type: string + testTobikoImage: + type: string + type: object + deployedVersion: + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/bindata/crds/designate.openstack.org_designateapis.yaml b/bindata/crds/designate.openstack.org_designateapis.yaml new file mode 100644 index 000000000..c23315aa4 --- /dev/null +++ b/bindata/crds/designate.openstack.org_designateapis.yaml @@ -0,0 +1,489 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designateapis.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: DesignateAPI + listKind: DesignateAPIList + plural: designateapis + singular: designateapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DesignateAPI is the Schema for the designateapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateAPISpec defines the desired state of DesignateAPI + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service password + from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate API Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + status: + description: DesignateAPIStatus defines the observed state of DesignateAPI + properties: + apiEndpoints: + additionalProperties: + additionalProperties: + type: string + type: object + description: API endpoints + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of designate API instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/designate.openstack.org_designatebackendbind9s.yaml b/bindata/crds/designate.openstack.org_designatebackendbind9s.yaml new file mode 100644 index 000000000..4abf0fbcb --- /dev/null +++ b/bindata/crds/designate.openstack.org_designatebackendbind9s.yaml @@ -0,0 +1,307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designatebackendbind9s.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: DesignateBackendbind9 + listKind: DesignateBackendbind9List + plural: designatebackendbind9s + singular: designatebackendbind9 + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DesignateBackendbind9 is the Schema for the designatebackendbind9 + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateBackendbind9Spec defines the desired state of DesignateBackendbind9 + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + controlNetworkName: + default: designate + description: ControlNetworkName - specify which network attachment + is to be used for control, notifys and zone transfers. + type: string + customBindOptions: + description: CustomBindOptions - custom bind9 options + items: + type: string + type: array + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service password + from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate Backendbind9 Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + storageClass: + description: StorageClass + type: string + storageRequest: + description: StorageRequest + type: string + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + status: + description: DesignateBackendbind9Status defines the observed state of + DesignateBackendbind9 + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of designate backendbind9 instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/designate.openstack.org_designatecentrals.yaml b/bindata/crds/designate.openstack.org_designatecentrals.yaml new file mode 100644 index 000000000..4c5482878 --- /dev/null +++ b/bindata/crds/designate.openstack.org_designatecentrals.yaml @@ -0,0 +1,309 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designatecentrals.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: DesignateCentral + listKind: DesignateCentralList + plural: designatecentrals + singular: designatecentral + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DesignateCentral is the Schema for the designatecentral API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateCentralSpec defines the input parameters for the + Designate Central service + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service password + from the Secret + type: string + type: object + redisHostIPs: + description: List of Redis Host IP addresses + items: + type: string + type: array + x-kubernetes-list-type: atomic + replicas: + default: 1 + description: Replicas - Designate Central Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + status: + description: DesignateCentralStatus defines the observed state of DesignateCentral + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of designate central instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/designate.openstack.org_designatemdnses.yaml b/bindata/crds/designate.openstack.org_designatemdnses.yaml new file mode 100644 index 000000000..a5b874a5a --- /dev/null +++ b/bindata/crds/designate.openstack.org_designatemdnses.yaml @@ -0,0 +1,313 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designatemdnses.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: DesignateMdns + listKind: DesignateMdnsList + plural: designatemdnses + singular: designatemdns + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DesignateMdns is the Schema for the designatemdnses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateMdnsSpec defines the input parameters for the Designate + Mdns service + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + controlNetworkName: + default: designate + description: ControlNetworkName - specify which network attachment + is to be used for control, notifys and zone transfers. + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service password + from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate Mdns Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + status: + description: DesignateMdnsStatus defines the observed state of DesignateMdns + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + desiredNumberScheduled: + description: DesiredNumberScheduled - total number of the nodes which + should be running Daemon + format: int32 + type: integer + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of designate MDNS instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/designate.openstack.org_designateproducers.yaml b/bindata/crds/designate.openstack.org_designateproducers.yaml new file mode 100644 index 000000000..098137dc7 --- /dev/null +++ b/bindata/crds/designate.openstack.org_designateproducers.yaml @@ -0,0 +1,308 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designateproducers.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: DesignateProducer + listKind: DesignateProducerList + plural: designateproducers + singular: designateproducer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DesignateProducer is the Schema for the designateproducer API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateProducerSpec the desired state of DesignateProducer + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service password + from the Secret + type: string + type: object + redisHostIPs: + description: List of Redis Host IP addresses + items: + type: string + type: array + x-kubernetes-list-type: atomic + replicas: + default: 1 + description: Replicas - Designate Producer Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + status: + description: DesignateProducerStatus defines the observed state of DesignateProducer + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of designate Producer instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/designate.openstack.org_designates.yaml b/bindata/crds/designate.openstack.org_designates.yaml new file mode 100644 index 000000000..c9d6b35f0 --- /dev/null +++ b/bindata/crds/designate.openstack.org_designates.yaml @@ -0,0 +1,1668 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designates.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: Designate + listKind: DesignateList + plural: designates + singular: designate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Designate is the Schema for the designates API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateAPISpec defines the desired state of DesignateAPI + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, unhbound, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + designateAPI: + description: DesignateAPI - Spec definition for the API service of + this Designate deployment + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will + be used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB + and ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service + password from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate API Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information + for DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + designateBackendbind9: + description: DesignateBackendbind9 - Spec definition for the Backendbind9 + service of this Designate deployment + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + controlNetworkName: + default: designate + description: ControlNetworkName - specify which network attachment + is to be used for control, notifys and zone transfers. + type: string + customBindOptions: + description: CustomBindOptions - custom bind9 options + items: + type: string + type: array + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will + be used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB + and ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service + password from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate Backendbind9 Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information + for DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + storageClass: + description: StorageClass + type: string + storageRequest: + description: StorageRequest + type: string + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + designateCentral: + description: DesignateCentral - Spec definition for the Central service + of this Designate deployment + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will + be used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB + and ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service + password from the Secret + type: string + type: object + redisHostIPs: + description: List of Redis Host IP addresses + items: + type: string + type: array + x-kubernetes-list-type: atomic + replicas: + default: 1 + description: Replicas - Designate Central Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information + for DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + designateMdns: + description: DesignateMdns - Spec definition for the Mdns service + of this Designate deployment + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + controlNetworkName: + default: designate + description: ControlNetworkName - specify which network attachment + is to be used for control, notifys and zone transfers. + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will + be used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB + and ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service + password from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate Mdns Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information + for DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + designateNetworkAttachment: + default: designate + description: DesignateNetworkAttachment is a NetworkAttachment resource + name for the Designate Control Network + type: string + designateProducer: + description: DesignateProducer - Spec definition for the Producer + service of this Designate deployment + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will + be used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB + and ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service + password from the Secret + type: string + type: object + redisHostIPs: + description: List of Redis Host IP addresses + items: + type: string + type: array + x-kubernetes-list-type: atomic + replicas: + default: 1 + description: Replicas - Designate Producer Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information + for DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + designateUnbound: + description: DesignateUnbound - Spec definition for the Unbound Resolver + service of this Designate deployment + properties: + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + replicas: + default: 1 + description: Replicas - Designate Unbound Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + required: + - containerImage + type: object + designateWorker: + description: DesignateWorker - Spec definition for the Worker service + of this Designate deployment + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will + be used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB + and ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service + password from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate Worker Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information + for DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB and + AdminUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service password + from the Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Designate + type: string + redisServiceName: + default: designate-redis + description: RedisServiceName is the name of the Redis instance to + be used (must be in the same namespace as designate) + type: string + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + designate AdminPassword + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + required: + - databaseInstance + - designateAPI + - designateBackendbind9 + - designateCentral + - designateMdns + - designateProducer + - designateWorker + - rabbitMqClusterName + - secret + type: object + status: + description: DesignateStatus defines the observed state of Designate + properties: + apiEndpoint: + additionalProperties: + type: string + description: API endpoint + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + designateAPIReadyCount: + description: ReadyCount of Designate API instance + format: int32 + type: integer + designateBackendbind9ReadyCount: + description: ReadyCount of Designate Backendbind9 instance + format: int32 + type: integer + designateCentralReadyCount: + description: ReadyCount of Designate Central instance + format: int32 + type: integer + designateMdnsReadyCount: + description: ReadyCount of Designate Mdns instance + format: int32 + type: integer + designateProducerReadyCount: + description: ReadyCount of Designate Producer instance + format: int32 + type: integer + designateUnboundReadyCount: + description: ReadyCount of Designate Unbound instance + format: int32 + type: integer + designateWorkerReadyCount: + description: ReadyCount of Designate Worker instance + format: int32 + type: integer + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + redisHostIPs: + description: List of Redis Host IP addresses + items: + type: string + type: array + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/designate.openstack.org_designateunbounds.yaml b/bindata/crds/designate.openstack.org_designateunbounds.yaml new file mode 100644 index 000000000..da7855064 --- /dev/null +++ b/bindata/crds/designate.openstack.org_designateunbounds.yaml @@ -0,0 +1,241 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designateunbounds.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: DesignateUnbound + listKind: DesignateUnboundList + plural: designateunbounds + singular: designateunbound + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DesignateUnbound is the Schema for the designateworker API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateUnboundSpec defines the desired state of DesignateUnbound + properties: + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + replicas: + default: 1 + description: Replicas - Designate Unbound Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + required: + - containerImage + type: object + status: + description: DesignateUnboundStatus defines the observed state of DesignateUnbound + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of designate central instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/designate.openstack.org_designateworkers.yaml b/bindata/crds/designate.openstack.org_designateworkers.yaml new file mode 100644 index 000000000..a48bc8626 --- /dev/null +++ b/bindata/crds/designate.openstack.org_designateworkers.yaml @@ -0,0 +1,298 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: designateworkers.designate.openstack.org +spec: + group: designate.openstack.org + names: + kind: DesignateWorker + listKind: DesignateWorkerList + plural: designateworkers + singular: designateworker + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DesignateWorker is the Schema for the designateworker API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DesignateWorkerSpec the desired state of DesignateWorker + properties: + backendMdnsServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:mdns'] + type: string + backendType: + description: |- + BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. + Helps maintain a single init container/init.sh to do container setup + type: string + backendWorkerServerProtocol: + description: |- + BackendTypeProtocol - Defines the backend protocol to be used between the designate-worker & + designate_mdns to/from the DNS server. Acceptable values are: "UDP", "TCP" + Please Note: this MUST match what is in the /etc/designate.conf ['service:worker'] + type: string + containerImage: + description: ContainerImage - Designate Container Image URL (will + be set to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as a custom config file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc//.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: designate + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseHostname: + description: DatabaseHostname - Designate Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Designate CR. + type: object + passwordSelectors: + default: + service: DesignatePassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: DesignatePassword + description: Service - Selector to get the designate service password + from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - Designate Worker Replicas + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + DesignatePassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Designate services the default SA name + type: string + serviceUser: + default: designate + description: ServiceUser - optional username used for this service + to register in designate + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - containerImage + type: object + status: + description: DesignateWorkerStatus defines the observed state of DesignateWorker + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of designate central instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/glance.openstack.org_glanceapis.yaml b/bindata/crds/glance.openstack.org_glanceapis.yaml new file mode 100644 index 000000000..2e03f9044 --- /dev/null +++ b/bindata/crds/glance.openstack.org_glanceapis.yaml @@ -0,0 +1,783 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: glanceapis.glance.openstack.org +spec: + group: glance.openstack.org + names: + kind: GlanceAPI + listKind: GlanceAPIList + plural: glanceapis + singular: glanceapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + apiTimeout: + minimum: 1 + type: integer + apiType: + default: external + enum: + - internal + - external + - single + - edge + type: string + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: glance + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + imageCache: + properties: + cleanerScheduler: + default: '*/30 * * * *' + type: string + prunerScheduler: + default: 1 0 * * * + type: string + size: + default: "" + type: string + required: + - size + type: object + memcachedInstance: + default: memcached + type: string + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: GlancePassword + properties: + service: + default: GlancePassword + type: string + type: object + quota: + default: false + type: boolean + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: glance + type: string + storage: + properties: + external: + type: boolean + storageClass: + type: string + storageRequest: + type: string + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: + default: split + enum: + - split + - single + - edge + type: string + required: + - containerImage + - databaseHostname + - memcachedInstance + - secret + - serviceAccount + type: object + status: + properties: + apiEndpoint: + additionalProperties: + type: string + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + domain: + type: string + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + default: 0 + format: int32 + minimum: 0 + type: integer + required: + - readyCount + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/glance.openstack.org_glances.yaml b/bindata/crds/glance.openstack.org_glances.yaml new file mode 100644 index 000000000..6c15cd516 --- /dev/null +++ b/bindata/crds/glance.openstack.org_glances.yaml @@ -0,0 +1,845 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: glances.glance.openstack.org +spec: + group: glance.openstack.org + names: + kind: Glance + listKind: GlanceList + plural: glances + singular: glance + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + apiTimeout: + default: 60 + minimum: 1 + type: integer + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: glance + type: string + databaseInstance: + type: string + dbPurge: + properties: + age: + default: 30 + minimum: 1 + type: integer + schedule: + default: 1 0 * * * + type: string + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + glanceAPIs: + additionalProperties: + properties: + apiTimeout: + minimum: 1 + type: integer + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + imageCache: + properties: + cleanerScheduler: + default: '*/30 * * * *' + type: string + prunerScheduler: + default: 1 0 * * * + type: string + size: + default: "" + type: string + required: + - size + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + storage: + properties: + external: + type: boolean + storageClass: + type: string + storageRequest: + type: string + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + type: + default: split + enum: + - split + - single + - edge + type: string + required: + - containerImage + type: object + default: {} + type: object + imageCache: + properties: + cleanerScheduler: + default: '*/30 * * * *' + type: string + prunerScheduler: + default: 1 0 * * * + type: string + size: + default: "" + type: string + required: + - size + type: object + keystoneEndpoint: + default: "" + type: string + memcachedInstance: + default: memcached + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: GlancePassword + properties: + service: + default: GlancePassword + type: string + type: object + preserveJobs: + default: false + type: boolean + quotas: + properties: + imageCountTotal: + default: 0 + type: integer + imageCountUpload: + default: 0 + type: integer + imageSizeTotal: + default: 0 + type: integer + imageStageTotal: + default: 0 + type: integer + required: + - imageCountTotal + - imageCountUpload + - imageSizeTotal + - imageStageTotal + type: object + secret: + type: string + serviceUser: + default: glance + type: string + storage: + properties: + external: + type: boolean + storageClass: + type: string + storageRequest: + type: string + type: object + required: + - containerImage + - databaseInstance + - glanceAPIs + - imageCache + - keystoneEndpoint + - memcachedInstance + - secret + type: object + status: + properties: + apiEndpoint: + additionalProperties: + type: string + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + type: string + glanceAPIReadyCounts: + additionalProperties: + format: int32 + type: integer + type: object + hash: + additionalProperties: + type: string + type: object + observedGeneration: + format: int64 + type: integer + serviceID: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/heat.openstack.org_heatapis.yaml b/bindata/crds/heat.openstack.org_heatapis.yaml new file mode 100644 index 000000000..6d7c3f676 --- /dev/null +++ b/bindata/crds/heat.openstack.org_heatapis.yaml @@ -0,0 +1,462 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: heatapis.heat.openstack.org +spec: + group: heat.openstack.org + names: + kind: HeatAPI + listKind: HeatAPIList + plural: heatapis + singular: heatapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: HeatAPI ... + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HeatAPISpec defines the desired state of HeatAPI + properties: + containerImage: + description: ContainerImage - Container Image URL + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/heat/heat.conf.d directory as 02-custom-service.conf file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc/heat/heat.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: heat + description: DatabaseAccount - optional MariaDBAccount used for heat + DB, defaults to heat. + type: string + databaseHostname: + description: DatabaseHostname - Heat Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes for running + the service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + authEncryptionKey: HeatAuthEncryptionKey + service: HeatPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + authEncryptionKey: + default: HeatAuthEncryptionKey + description: AuthEncryptionKey - Selector to get the heat auth + encryption key from the Secret + type: string + service: + default: HeatPassword + description: Service - Selector to get the heat service password + from the Secret + type: string + stackDomainAdminPassword: + default: HeatStackDomainAdminPassword + description: StackDomainAdminPassword - Selector to get the heat + stack domain admin password from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret containing OpenStack password information for heat HeatDatabasePassword, HeatPassword + and HeatAuthEncryptionKey + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Heat services the default SA name + type: string + serviceUser: + default: heat + description: ServiceUser - optional username used for this service + to register in heat + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - containerImage + - databaseHostname + - secret + - serviceAccount + - transportURLSecret + type: object + status: + description: HeatAPIStatus defines the observed state of HeatAPI + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of HeatAPI instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/heat.openstack.org_heatcfnapis.yaml b/bindata/crds/heat.openstack.org_heatcfnapis.yaml new file mode 100644 index 000000000..8e4a16d92 --- /dev/null +++ b/bindata/crds/heat.openstack.org_heatcfnapis.yaml @@ -0,0 +1,462 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: heatcfnapis.heat.openstack.org +spec: + group: heat.openstack.org + names: + kind: HeatCfnAPI + listKind: HeatCfnAPIList + plural: heatcfnapis + singular: heatcfnapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: HeatCfnAPI ... + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HeatCfnAPISpec defines the desired state of HeatCfnAPI + properties: + containerImage: + description: ContainerImage - Container Image URL + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/heat/heat.conf.d directory as 02-custom-service.conf file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc/heat/heat.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: heat + description: DatabaseAccount - optional MariaDBAccount used for heat + DB, defaults to heat. + type: string + databaseHostname: + description: DatabaseHostname - Heat Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes for running + the service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + authEncryptionKey: HeatAuthEncryptionKey + service: HeatPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + authEncryptionKey: + default: HeatAuthEncryptionKey + description: AuthEncryptionKey - Selector to get the heat auth + encryption key from the Secret + type: string + service: + default: HeatPassword + description: Service - Selector to get the heat service password + from the Secret + type: string + stackDomainAdminPassword: + default: HeatStackDomainAdminPassword + description: StackDomainAdminPassword - Selector to get the heat + stack domain admin password from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret containing OpenStack password information for heat HeatDatabasePassword, HeatPassword + and HeatAuthEncryptionKey + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Heat services the default SA name + type: string + serviceUser: + default: heat + description: ServiceUser - optional username used for this service + to register in heat + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - containerImage + - databaseHostname + - secret + - serviceAccount + - transportURLSecret + type: object + status: + description: HeatCfnAPIStatus defines the observed state of HeatCfnAPI + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of HeatCfnAPI instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/heat.openstack.org_heatengines.yaml b/bindata/crds/heat.openstack.org_heatengines.yaml new file mode 100644 index 000000000..906714b4a --- /dev/null +++ b/bindata/crds/heat.openstack.org_heatengines.yaml @@ -0,0 +1,282 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: heatengines.heat.openstack.org +spec: + group: heat.openstack.org + names: + kind: HeatEngine + listKind: HeatEngineList + plural: heatengines + singular: heatengine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: HeatEngine defined. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HeatEngineSpec defines the desired state of HeatEngine + properties: + containerImage: + description: ContainerImage - Container Image URL + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/heat/heat.conf.d directory as 02-custom-service.conf file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc/heat/heat.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: heat + description: DatabaseAccount - optional MariaDBAccount used for heat + DB, defaults to heat. + type: string + databaseHostname: + description: DatabaseHostname - Heat Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes for running + the service + type: object + passwordSelectors: + default: + authEncryptionKey: HeatAuthEncryptionKey + service: HeatPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + authEncryptionKey: + default: HeatAuthEncryptionKey + description: AuthEncryptionKey - Selector to get the heat auth + encryption key from the Secret + type: string + service: + default: HeatPassword + description: Service - Selector to get the heat service password + from the Secret + type: string + stackDomainAdminPassword: + default: HeatStackDomainAdminPassword + description: StackDomainAdminPassword - Selector to get the heat + stack domain admin password from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret containing OpenStack password information for heat HeatDatabasePassword, HeatPassword + and HeatAuthEncryptionKey + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Heat services the default SA name + type: string + serviceUser: + default: heat + description: ServiceUser - optional username used for this service + to register in heat + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - containerImage + - databaseHostname + - secret + - serviceAccount + - transportURLSecret + type: object + status: + description: HeatEngineStatus defines the observed state of HeatEngine + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of HeatEngine instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/heat.openstack.org_heats.yaml b/bindata/crds/heat.openstack.org_heats.yaml new file mode 100644 index 000000000..c1cef22e8 --- /dev/null +++ b/bindata/crds/heat.openstack.org_heats.yaml @@ -0,0 +1,922 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: heats.heat.openstack.org +spec: + group: heat.openstack.org + names: + kind: Heat + listKind: HeatList + plural: heats + singular: heat + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Heat is the Schema for the heats API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HeatSpec defines the desired state of Heat + properties: + apiTimeout: + default: 600 + description: APITimeout for Route and Apache + minimum: 60 + type: integer + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/heat/heat.conf.d directory as 01-custom.conf file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc/heat/heat.conf.d directory as a custom config file. + items: + type: string + type: array + databaseAccount: + default: heat + description: DatabaseAccount - optional MariaDBAccount used for heat + DB, defaults to heat. + type: string + databaseInstance: + default: openstack + description: |- + MariaDB instance name. + Right now required by the maridb-operator to get the credentials from the instance to create the DB. + Might not be required in future. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + heatAPI: + description: HeatAPI - Spec definition for the API service of this + Heat deployment + properties: + containerImage: + description: ContainerImage - Container Image URL + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/heat/heat.conf.d directory as 02-custom-service.conf file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc/heat/heat.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes for + running the service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + required: + - containerImage + type: object + heatCfnAPI: + description: HeatCfnAPI - Spec definition for the CfnAPI service of + this Heat deployment + properties: + containerImage: + description: ContainerImage - Container Image URL + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/heat/heat.conf.d directory as 02-custom-service.conf file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc/heat/heat.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes for + running the service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + required: + - containerImage + type: object + heatEngine: + description: HeatEngine - Spec definition for the Engine service of + this Heat deployment + properties: + containerImage: + description: ContainerImage - Container Image URL + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/heat/heat.conf.d directory as 02-custom-service.conf file. + type: string + customServiceConfigSecrets: + description: |- + CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets + that contain sensitive service config data. The content of each Secret gets added to the + /etc/heat/heat.conf.d directory as a custom config file. + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes for + running the service + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - containerImage + type: object + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes for running + the Heat services + type: object + passwordSelectors: + default: + authEncryptionKey: HeatAuthEncryptionKey + service: HeatPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + authEncryptionKey: + default: HeatAuthEncryptionKey + description: AuthEncryptionKey - Selector to get the heat auth + encryption key from the Secret + type: string + service: + default: HeatPassword + description: Service - Selector to get the heat service password + from the Secret + type: string + stackDomainAdminPassword: + default: HeatStackDomainAdminPassword + description: StackDomainAdminPassword - Selector to get the heat + stack domain admin password from the Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Heat + type: string + secret: + description: |- + Secret containing OpenStack password information for heat HeatDatabasePassword, HeatPassword + and HeatAuthEncryptionKey + type: string + serviceUser: + default: heat + description: ServiceUser - optional username used for this service + to register in heat + type: string + required: + - databaseInstance + - heatAPI + - heatCfnAPI + - heatEngine + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + status: + description: HeatStatus defines the observed state of Heat + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Heat Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + heatApiReadyCount: + description: ReadyCount of Heat API instance + format: int32 + type: integer + heatCfnApiReadyCount: + description: ReadyCount of Heat CfnAPI instance + format: int32 + type: integer + heatEngineReadyCount: + description: ReadyCount of Heat Engine instance + format: int32 + type: integer + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/horizon.openstack.org_horizons.yaml b/bindata/crds/horizon.openstack.org_horizons.yaml new file mode 100644 index 000000000..f10a50696 --- /dev/null +++ b/bindata/crds/horizon.openstack.org_horizons.yaml @@ -0,0 +1,1477 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: horizons.horizon.openstack.org +spec: + group: horizon.openstack.org + names: + kind: Horizon + listKind: HorizonList + plural: horizons + singular: horizon + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Horizon is the Schema for the horizons API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HorizonSpec defines the desired state of Horizon + properties: + containerImage: + description: horizon Container Image URL + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc/openstack-dashboard/local_settings.d directory as 9999_custom_settings.py file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + extraMounts: + default: [] + description: ExtraMounts containing conf files + items: + description: |- + HorizonExtraVolMounts exposes additional parameters processed by the horizon-operator + and defines the common VolMounts structure provided by the main storage module + properties: + extraVol: + items: + description: |- + VolMounts is the data structure used to expose Volumes and Mounts that can + be added to a pod according to the defined Propagation policy + properties: + extraVolType: + description: Label associated to a given extraMount + type: string + mounts: + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + description: Propagation defines which pod should mount + the volume + items: + description: |- + PropagationType identifies the Service, Group or instance (e.g. the backend) that + receives an Extra Volume that can potentially be mounted + type: string + type: array + volumes: + items: + description: Volume our slimmed down version of Volume + properties: + cephfs: + description: cephFS represents a Ceph FS mount on + the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph tree, + default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and + then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + hostPath: + description: |- + Represents a host path mapped into a pod. + Host path volumes do not support ownership management or SELinux relabeling. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for + iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: Name of the volume + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of + the ScaleIO Protection Domain for the configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: Override configuration for the Service created to + serve traffic to the cluster. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + replicas: + default: 1 + description: Replicas of horizon API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + Horizon Secret Key + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - containerImage + - memcachedInstance + - secret + type: object + status: + description: HorizonStatus defines the observed state of Horizon + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + endpoint: + description: Endpoint url to access OpenStack Dashboard + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of Horizon instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/instanceha.openstack.org_instancehas.yaml b/bindata/crds/instanceha.openstack.org_instancehas.yaml new file mode 100644 index 000000000..e57803da3 --- /dev/null +++ b/bindata/crds/instanceha.openstack.org_instancehas.yaml @@ -0,0 +1,182 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: instancehas.instanceha.openstack.org +spec: + group: instanceha.openstack.org + names: + kind: InstanceHa + listKind: InstanceHaList + plural: instancehas + singular: instanceha + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: InstanceHa is the Schema for the instancehas API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: InstanceHaSpec defines the desired state of InstanceHa + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + containerImage: + default: quay.io/podified-antelope-centos9/openstack-openstackclient:current-podified + description: ContainerImage for the the InstanceHa container (will + be set to environmental default if empty) + type: string + fencingSecret: + default: fencing-secret + description: FencingSecret is the name of the Secret containing the + fencing details + type: string + instanceHaConfigMap: + default: instanceha-config + description: InstanceHaConfigMap is the name of the ConfigMap containing + the InstanceHa config file + type: string + instanceHaKdumpPort: + default: 7410 + format: int32 + type: integer + networkAttachments: + description: |- + NetworkAttachments is a list of NetworkAttachment resource names to expose + the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + control plane services + type: object + openStackCloud: + default: default + description: OpenStackClould is the name of the Cloud to use as per + clouds.yaml (will be set to "default" if empty) + type: string + openStackConfigMap: + default: openstack-config + description: OpenStackConfigMap is the name of the ConfigMap containing + the clouds.yaml + type: string + openStackConfigSecret: + default: openstack-config-secret + description: OpenStackConfigSecret is the name of the Secret containing + the secure.yaml + type: string + required: + - containerImage + - fencingSecret + - instanceHaConfigMap + - instanceHaKdumpPort + - openStackCloud + - openStackConfigMap + - openStackConfigSecret + type: object + status: + description: InstanceHaStatus defines the observed state of InstanceHa + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: ObservedGeneration - the most recent generation observed + for this object. + format: int64 + type: integer + podName: + description: PodName + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ironic.openstack.org_ironicapis.yaml b/bindata/crds/ironic.openstack.org_ironicapis.yaml new file mode 100644 index 000000000..5dd9473da --- /dev/null +++ b/bindata/crds/ironic.openstack.org_ironicapis.yaml @@ -0,0 +1,485 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ironicapis.ironic.openstack.org +spec: + group: ironic.openstack.org + names: + kind: IronicAPI + listKind: IronicAPIList + plural: ironicapis + singular: ironicapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: IronicAPI is the Schema for the ironicapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IronicAPISpec defines the desired state of IronicAPI + properties: + containerImage: + description: ContainerImage - Ironic API Container Image + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: ironic + description: DatabaseAccount - optional MariaDBAccount used for ironic + DB, defaults to ironic. + type: string + databaseHostname: + description: DatabaseHostname - Ironic Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + keystoneEndpoints: + description: KeystoneEndpoints - Internally used Keystone API endpoints + properties: + internal: + description: Internal endpoint URL + type: string + public: + description: Public endpoint URL + type: string + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: IronicPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: IronicPassword + description: Service - Selector to get the ironic service password + from the Secret + type: string + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rpcTransport: + default: json-rpc + description: |- + RPC transport type - Which RPC transport implementation to use between + conductor and API services. 'oslo' to use oslo.messaging transport + or 'json-rpc' to use JSON RPC transport. NOTE -> ironic requires + oslo.messaging transport when not in standalone mode. + enum: + - oslo + - json-rpc + type: string + secret: + description: Secret containing OpenStack password information for + AdminPassword + type: string + serviceUser: + default: ironic + description: ServiceUser - optional username used for this service + to register in ironic + type: string + standalone: + default: false + description: Whether to deploy a standalone Ironic. + type: boolean + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: Secret containing RabbitMq transport URL + type: string + required: + - databaseHostname + type: object + status: + description: IronicAPIStatus defines the observed state of IronicAPI + properties: + apiEndpoints: + additionalProperties: + additionalProperties: + type: string + type: object + description: API endpoint + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of ironic API instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ironic.openstack.org_ironicconductors.yaml b/bindata/crds/ironic.openstack.org_ironicconductors.yaml new file mode 100644 index 000000000..980d71100 --- /dev/null +++ b/bindata/crds/ironic.openstack.org_ironicconductors.yaml @@ -0,0 +1,356 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ironicconductors.ironic.openstack.org +spec: + group: ironic.openstack.org + names: + kind: IronicConductor + listKind: IronicConductorList + plural: ironicconductors + singular: ironicconductor + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: IronicConductor is the Schema for the ironicconductors Conductor + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IronicConductorSpec defines the desired state of IronicConductor + properties: + conductorGroup: + description: ConductorGroup - Ironic Conductor conductor group. + type: string + containerImage: + description: ContainerImage - Ironic Conductor Container Image + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: ironic + description: DatabaseAccount - optional MariaDBAccount used for ironic + DB, defaults to ironic. + type: string + databaseHostname: + description: DatabaseHostname - Ironic Database Hostname + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + dhcpRanges: + description: DHCPRanges - List of DHCP ranges to use for provisioning + items: + description: DHCPRange to define address range for DHCP requestes + properties: + cidr: + description: Cidr - IP address prefix (CIDR) representing an + IP network. + type: string + end: + description: End - End of DHCP range + type: string + gateway: + description: Gateway - IP address for the router + type: string + mtu: + description: MTU - Maximum Transmission Unit + type: integer + name: + description: Name - Name of the DHCPRange (used for tagging + in dnsmasq) + type: string + podIndex: + description: PodIndex - Maps the DHCPRange to a specific statefulset + pod index + type: integer + start: + description: Start - Start of DHCP range + type: string + required: + - cidr + - end + - start + type: object + type: array + ironicPythonAgentImage: + description: IronicPythonAgentImage - Image containing the ironic-python-agent + kernel and ramdisk + type: string + keystoneEndpoints: + description: KeystoneEndpoints - Internally used Keystone API endpoints + properties: + internal: + description: Internal endpoint URL + type: string + public: + description: Public endpoint URL + type: string + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + passwordSelectors: + default: + service: IronicPassword + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: IronicPassword + description: Service - Selector to get the ironic service password + from the Secret + type: string + type: object + provisionNetwork: + description: ProvisionNetwork - Additional network to attach to expose + boot DHCP, TFTP, HTTP services. + type: string + pxeContainerImage: + description: PxeContainerImage - Ironic DHCP/TFTP/HTTP Container Image + type: string + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rpcTransport: + default: json-rpc + description: |- + RPC transport type - Which RPC transport implementation to use between + conductor and API services. 'oslo' to use oslo.messaging transport + or 'json-rpc' to use JSON RPC transport. NOTE -> ironic requires + oslo.messaging transport when not in standalone mode. + enum: + - oslo + - json-rpc + type: string + secret: + description: Secret containing OpenStack password information for + AdminPassword + type: string + serviceUser: + default: ironic + description: ServiceUser - optional username used for this service + to register in ironic + type: string + standalone: + default: false + description: Whether to deploy a standalone Ironic. + type: boolean + storageClass: + default: "" + description: StorageClass + type: string + storageRequest: + description: StorageRequest + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - databaseHostname + - storageClass + - storageRequest + type: object + status: + description: IronicConductorStatus defines the observed state of IronicConductor + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of ironic Conductor instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ironic.openstack.org_ironicinspectors.yaml b/bindata/crds/ironic.openstack.org_ironicinspectors.yaml new file mode 100644 index 000000000..b8cf21ca5 --- /dev/null +++ b/bindata/crds/ironic.openstack.org_ironicinspectors.yaml @@ -0,0 +1,543 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ironicinspectors.ironic.openstack.org +spec: + group: ironic.openstack.org + names: + kind: IronicInspector + listKind: IronicInspectorList + plural: ironicinspectors + singular: ironicinspector + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: IronicInspector is the Schema for the IronicInspector + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IronicInspectorSpec defines the desired state of IronicInspector + properties: + containerImage: + description: ContainerImage - Ironic Inspector Container Image + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: ironic-inspector + description: |- + DatabaseAccount - optional MariaDBAccount used for ironic DB, defaults to ironic-inspector. + this is separate from the account used for ironic, as a MariaDBAccount can only + refer to a single MariaDBDatabase and it appears that ironic inspector uses its + own MariaDBDatabase. + type: string + databaseInstance: + description: |- + MariaDB instance name. + Right now required by the maridb-operator to get the credentials from the instance to create the DB. + Might not be required in future. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + dhcpRanges: + description: DHCPRanges - List of DHCP ranges to use for provisioning + items: + description: DHCPRange to define address range for DHCP requestes + properties: + cidr: + description: Cidr - IP address prefix (CIDR) representing an + IP network. + type: string + end: + description: End - End of DHCP range + type: string + gateway: + description: Gateway - IP address for the router + type: string + mtu: + description: MTU - Maximum Transmission Unit + type: integer + name: + description: Name - Name of the DHCPRange (used for tagging + in dnsmasq) + type: string + podIndex: + description: PodIndex - Maps the DHCPRange to a specific statefulset + pod index + type: integer + start: + description: Start - Start of DHCP range + type: string + required: + - cidr + - end + - start + type: object + type: array + inspectionNetwork: + description: InspectionNetwork - Additional network to attach to expose + boot DHCP, TFTP, HTTP services. + type: string + ironicPythonAgentImage: + description: IronicPythonAgentImage - Image containing the ironic-python-agent + kernel and ramdisk + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: IronicInspectorPassword + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: IronicInspectorPassword + description: Service - Selector to get the ironic-inspector service + password from the Secret + type: string + type: object + preserveJobs: + default: true + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + pxeContainerImage: + description: PxeContainerImage - Ironic Inspector DHCP/TFTP/HTTP Container + Image + type: string + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Ironic Inspector + type: string + replicas: + default: 1 + description: Replicas - Ironic Inspector Replicas + format: int32 + maximum: 1 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rpcTransport: + default: json-rpc + description: |- + RPC transport type - Which RPC transport implementation to use between + conductor and API services. 'oslo' to use oslo.messaging transport + or 'json-rpc' to use JSON RPC transport. NOTE -> ironic-inspector + requires oslo.messaging transport when not in standalone mode. + enum: + - oslo + - json-rpc + type: string + secret: + description: Secret containing OpenStack password information for + AdminPassword + type: string + serviceUser: + default: ironic-inspector + description: ServiceUser - optional username used for this service + to register in ironic-inspector + type: string + standalone: + default: false + description: Standalone - Whether to deploy a standalone Ironic Inspector. + type: boolean + storageClass: + description: StorageClass + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + type: object + status: + description: IronicInspectorStatus defines the observed state of IronicInspector + properties: + apiEndpoints: + additionalProperties: + additionalProperties: + type: string + type: object + description: API endpoint + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: IronicInspector Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of Ironic Inspector instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ironic.openstack.org_ironicneutronagents.yaml b/bindata/crds/ironic.openstack.org_ironicneutronagents.yaml new file mode 100644 index 000000000..36f467d19 --- /dev/null +++ b/bindata/crds/ironic.openstack.org_ironicneutronagents.yaml @@ -0,0 +1,260 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ironicneutronagents.ironic.openstack.org +spec: + group: ironic.openstack.org + names: + kind: IronicNeutronAgent + listKind: IronicNeutronAgentList + plural: ironicneutronagents + singular: ironicneutronagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Networks + jsonPath: .status.networks + name: Networks + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: IronicNeutronAgent is the Schema for the ML2 baremetal - ironic-neutron-agent + agents + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IronicNeutronAgentSpec defines the desired state of ML2 baremetal + - ironic-neutron-agent agents + properties: + containerImage: + description: ContainerImage - ML2 baremtal - Ironic Neutron Agent + Image + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + passwordSelectors: + default: + service: IronicPassword + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: IronicPassword + description: Service - Selector to get the ironic service password + from the Secret + type: string + type: object + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Ironic + type: string + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + IronicPassword + type: string + serviceUser: + default: ironic + description: ServiceUser - optional username used for this service + to register in ironic + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + type: object + status: + description: IronicNeutronAgentStatus defines the observed state of ML2 + baremetal - ironic-neutron-agent + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of ironic Conductor instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ironic.openstack.org_ironics.yaml b/bindata/crds/ironic.openstack.org_ironics.yaml new file mode 100644 index 000000000..cce8b47ad --- /dev/null +++ b/bindata/crds/ironic.openstack.org_ironics.yaml @@ -0,0 +1,1165 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ironics.ironic.openstack.org +spec: + group: ironic.openstack.org + names: + kind: Ironic + listKind: IronicList + plural: ironics + singular: ironic + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Ironic is the Schema for the ironics API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IronicSpec defines the desired state of Ironic + properties: + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: ironic + description: DatabaseAccount - optional MariaDBAccount used for ironic + DB, defaults to ironic. + type: string + databaseInstance: + description: |- + MariaDB instance name. + Right now required by the maridb-operator to get the credentials from the instance to create the DB. + Might not be required in future. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + images: + default: {} + description: Images - Container images for all ironic services + properties: + api: + description: API - Ironic API Container Image (will be set to + environmental default if empty) + type: string + conductor: + description: Conductor - Ironic Conductor Container Image (will + be set to environmental default if empty) + type: string + inspector: + description: Inspector - Ironic Inspector Container Image (will + be set to environmental default if empty) + type: string + ironicPythonAgent: + description: IronicPythonAgent - Image containing the ironic-python-agent + kernel and ramdisk + type: string + neutronAgent: + description: NeutronAgent - ML2 baremtal - Ironic Neutron Agent + Image (will be set to environmental default if empty) + type: string + pxe: + description: Pxe- Ironic DHCP/TFTP/HTTP Container Image URL (will + be set to environmental default if empty) + type: string + type: object + ironicAPI: + description: IronicAPI - Spec definition for the API service of this + Ironic deployment + properties: + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + type: object + ironicConductors: + description: IronicConductors - Spec definitions for the conductor + service of this Ironic deployment + items: + description: IronicConductorTemplate defines the input parameters + for Ironic Conductor service + properties: + conductorGroup: + description: ConductorGroup - Ironic Conductor conductor group. + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + dhcpRanges: + description: DHCPRanges - List of DHCP ranges to use for provisioning + items: + description: DHCPRange to define address range for DHCP requestes + properties: + cidr: + description: Cidr - IP address prefix (CIDR) representing + an IP network. + type: string + end: + description: End - End of DHCP range + type: string + gateway: + description: Gateway - IP address for the router + type: string + mtu: + description: MTU - Maximum Transmission Unit + type: integer + name: + description: Name - Name of the DHCPRange (used for tagging + in dnsmasq) + type: string + podIndex: + description: PodIndex - Maps the DHCPRange to a specific + statefulset pod index + type: integer + start: + description: Start - Start of DHCP range + type: string + required: + - cidr + - end + - start + type: object + type: array + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + provisionNetwork: + description: ProvisionNetwork - Additional network to attach + to expose boot DHCP, TFTP, HTTP services. + type: string + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + storageClass: + default: "" + description: StorageClass + type: string + storageRequest: + description: StorageRequest + type: string + required: + - storageClass + - storageRequest + type: object + type: array + ironicInspector: + description: IronicInspector - Spec definition for the inspector service + of this Ironic deployment + properties: + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: ironic-inspector + description: |- + DatabaseAccount - optional MariaDBAccount used for ironic DB, defaults to ironic-inspector. + this is separate from the account used for ironic, as a MariaDBAccount can only + refer to a single MariaDBDatabase and it appears that ironic inspector uses its + own MariaDBDatabase. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + dhcpRanges: + description: DHCPRanges - List of DHCP ranges to use for provisioning + items: + description: DHCPRange to define address range for DHCP requestes + properties: + cidr: + description: Cidr - IP address prefix (CIDR) representing + an IP network. + type: string + end: + description: End - End of DHCP range + type: string + gateway: + description: Gateway - IP address for the router + type: string + mtu: + description: MTU - Maximum Transmission Unit + type: integer + name: + description: Name - Name of the DHCPRange (used for tagging + in dnsmasq) + type: string + podIndex: + description: PodIndex - Maps the DHCPRange to a specific + statefulset pod index + type: integer + start: + description: Start - Start of DHCP range + type: string + required: + - cidr + - end + - start + type: object + type: array + inspectionNetwork: + description: InspectionNetwork - Additional network to attach + to expose boot DHCP, TFTP, HTTP services. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: IronicInspectorPassword + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: IronicInspectorPassword + description: Service - Selector to get the ironic-inspector + service password from the Secret + type: string + type: object + preserveJobs: + default: true + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + replicas: + default: 1 + description: Replicas - Ironic Inspector Replicas + format: int32 + maximum: 1 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceUser: + default: ironic-inspector + description: ServiceUser - optional username used for this service + to register in ironic-inspector + type: string + storageClass: + description: StorageClass + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + type: object + ironicNeutronAgent: + description: |- + IronicNeutronAgent - Spec definition for the ML2 baremetal ironic-neutron-agent + service of this Ironic deployment + properties: + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Ironic CR + type: object + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Ironic + type: string + replicas: + default: 1 + description: Replicas - + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting + NodeSelector here acts as a default value and can be overridden by service + specific NodeSelector Settings. + type: object + passwordSelectors: + default: + service: IronicPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: IronicPassword + description: Service - Selector to get the ironic service password + from the Secret + type: string + type: object + preserveJobs: + default: true + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Ironic + type: string + rpcTransport: + description: |- + RPC transport type - Which RPC transport implementation to use between + conductor and API services. 'oslo' to use oslo.messaging transport + or 'json-rpc' to use JSON RPC transport. NOTE -> ironic and ironic-inspector + require oslo.messaging transport when not in standalone mode. + type: string + secret: + description: Secret containing OpenStack password information for + ironic IronicPassword + type: string + serviceUser: + default: ironic + description: ServiceUser - optional username used for this service + to register in ironic + type: string + standalone: + default: false + description: Whether to deploy a standalone Ironic. + type: boolean + storageClass: + default: "" + description: |- + Storage class to host data. This is passed to IronicConductors unless + storageClass is explicitly set for the conductor. + type: string + required: + - databaseInstance + - ironicAPI + - ironicInspector + - ironicNeutronAgent + - secret + - storageClass + type: object + status: + description: IronicStatus defines the observed state of Ironic + properties: + apiEndpoints: + additionalProperties: + additionalProperties: + type: string + type: object + description: API endpoint + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Ironic Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + ironicAPIReadyCount: + description: ReadyCount of Ironic API instance + format: int32 + type: integer + ironicConductorReadyCount: + additionalProperties: + format: int32 + type: integer + description: ReadyCount of Ironic Conductor instance + type: object + ironicInspectorReadyCount: + description: ReadyCount of Ironic Inspector instance + format: int32 + type: integer + ironicNeutronAgentReadyCount: + description: ReadyCount of Ironic Neutron Agent instance + format: int32 + type: integer + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/keystone.openstack.org_keystoneapis.yaml b/bindata/crds/keystone.openstack.org_keystoneapis.yaml new file mode 100644 index 000000000..fa8cff075 --- /dev/null +++ b/bindata/crds/keystone.openstack.org_keystoneapis.yaml @@ -0,0 +1,530 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: keystoneapis.keystone.openstack.org +spec: + group: keystone.openstack.org + names: + kind: KeystoneAPI + listKind: KeystoneAPIList + plural: keystoneapis + singular: keystoneapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KeystoneAPI is the Schema for the keystoneapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + adminProject: + default: admin + description: AdminProject - admin project name + type: string + adminUser: + default: admin + description: AdminUser - admin user name + type: string + containerImage: + description: Keystone Container Image URL (will be set to environmental + default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: keystone + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + enableSecureRBAC: + default: true + description: EnableSecureRBAC - Enable Consistent and Secure RBAC + policies + type: boolean + fernetMaxActiveKeys: + default: 5 + description: FernetMaxActiveKeys - Maximum number of fernet token + keys after rotation + format: int32 + minimum: 3 + type: integer + fernetRotationDays: + default: 1 + description: FernetRotationDays - Rotate fernet token keys every X + days + format: int32 + minimum: 1 + type: integer + httpdCustomization: + description: HttpdCustomization - customize the httpd service + properties: + processNumber: + default: 3 + description: ProcessNumber - Number of processes running in keystone + API + format: int32 + minimum: 1 + type: integer + type: object + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + admin: AdminPassword + description: PasswordSelectors - Selectors to identify the AdminUser + password from the Secret + properties: + admin: + default: AdminPassword + description: Admin - Selector to get the keystone Admin password + from the Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Keystone + type: string + region: + default: regionOne + description: Region - optional region name for the keystone service + type: string + replicas: + default: 1 + description: Replicas of keystone API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + keystone AdminPassword + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + trustFlushArgs: + default: "" + description: TrustFlushArgs - Arguments added to keystone-manage trust_flush + command + type: string + trustFlushSchedule: + default: 1 * * * * + description: TrustFlushSchedule - Schedule to purge expired or soft-deleted + trusts from database + type: string + trustFlushSuspend: + default: false + description: TrustFlushSuspend - Suspend the cron job to purge trusts + type: boolean + required: + - containerImage + - databaseInstance + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + status: + description: KeystoneAPIStatus defines the observed state of KeystoneAPI + properties: + apiEndpoints: + additionalProperties: + type: string + description: API endpoint + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Keystone Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: ObservedGeneration - the most recent generation observed + for this service. If the observed generation is less than the spec + generation, then the controller has not processed the latest changes. + format: int64 + type: integer + readyCount: + description: ReadyCount of keystone API instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/keystone.openstack.org_keystoneendpoints.yaml b/bindata/crds/keystone.openstack.org_keystoneendpoints.yaml new file mode 100644 index 000000000..87bdf5568 --- /dev/null +++ b/bindata/crds/keystone.openstack.org_keystoneendpoints.yaml @@ -0,0 +1,127 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: keystoneendpoints.keystone.openstack.org +spec: + group: keystone.openstack.org + names: + kind: KeystoneEndpoint + listKind: KeystoneEndpointList + plural: keystoneendpoints + singular: keystoneendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KeystoneEndpoint is the Schema for the keystoneendpoints API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeystoneEndpointSpec defines the desired state of KeystoneEndpoint + properties: + endpoints: + additionalProperties: + type: string + description: Endpoints - map with service api endpoint URLs with the + endpoint type as index + type: object + serviceName: + description: ServiceName - Name of the service to create the endpoint + for + type: string + required: + - endpoints + - serviceName + type: object + status: + description: KeystoneEndpointStatus defines the observed state of KeystoneEndpoint + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + endpointIDs: + additionalProperties: + type: string + type: object + serviceID: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/keystone.openstack.org_keystoneservices.yaml b/bindata/crds/keystone.openstack.org_keystoneservices.yaml new file mode 100644 index 000000000..13594fb60 --- /dev/null +++ b/bindata/crds/keystone.openstack.org_keystoneservices.yaml @@ -0,0 +1,140 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: keystoneservices.keystone.openstack.org +spec: + group: keystone.openstack.org + names: + kind: KeystoneService + listKind: KeystoneServiceList + plural: keystoneservices + singular: keystoneservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KeystoneService is the Schema for the keystoneservices API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeystoneServiceSpec defines the desired state of KeystoneService + properties: + enabled: + description: Enabled - whether or not the service is enabled. + type: boolean + passwordSelector: + description: PasswordSelector - Selector to get the ServiceUser password + from the Secret, e.g. PlacementPassword + type: string + secret: + description: Secret containing OpenStack password information for + the ServiceUser + type: string + serviceDescription: + description: ServiceDescription - Description for the service. + type: string + serviceName: + description: ServiceName - Name of the service. + type: string + serviceType: + description: ServiceType - Type is the type of the service. + type: string + serviceUser: + description: ServiceUser - optional username used for this service + type: string + required: + - enabled + - passwordSelector + - secret + - serviceName + - serviceType + - serviceUser + type: object + status: + description: KeystoneServiceStatus defines the observed state of KeystoneService + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + serviceID: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/manila.openstack.org_manilaapis.yaml b/bindata/crds/manila.openstack.org_manilaapis.yaml new file mode 100644 index 000000000..4a6c3faa5 --- /dev/null +++ b/bindata/crds/manila.openstack.org_manilaapis.yaml @@ -0,0 +1,725 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: manilaapis.manila.openstack.org +spec: + group: manila.openstack.org + names: + kind: ManilaAPI + listKind: ManilaAPIList + plural: manilaapis + singular: manilaapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerImage: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: manila + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + passwordSelectors: + default: + service: ManilaPassword + properties: + service: + default: ManilaPassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: manila + type: string + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - serviceAccount + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/manila.openstack.org_manilas.yaml b/bindata/crds/manila.openstack.org_manilas.yaml new file mode 100644 index 000000000..ddc76229c --- /dev/null +++ b/bindata/crds/manila.openstack.org_manilas.yaml @@ -0,0 +1,886 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: manilas.manila.openstack.org +spec: + group: manila.openstack.org + names: + kind: Manila + listKind: ManilaList + plural: manilas + singular: manila + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + apiTimeout: + default: 60 + minimum: 10 + type: integer + customServiceConfig: + default: '# add your customization here' + type: string + databaseAccount: + default: manila + type: string + databaseInstance: + type: string + dbPurge: + properties: + age: + default: 30 + minimum: 1 + type: integer + schedule: + default: 1 0 * * * + type: string + type: object + debug: + properties: + dbPurge: + default: false + type: boolean + type: object + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + manilaAPI: + properties: + containerImage: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tls: + properties: + api: + properties: + internal: + properties: + secretName: + type: string + type: object + public: + properties: + secretName: + type: string + type: object + type: object + caBundleSecretName: + type: string + type: object + required: + - containerImage + type: object + manilaScheduler: + properties: + containerImage: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + manilaShares: + additionalProperties: + properties: + containerImage: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + type: object + memcachedInstance: + default: memcached + type: string + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: ManilaPassword + properties: + service: + default: ManilaPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceUser: + default: manila + type: string + required: + - manilaAPI + - manilaScheduler + - memcachedInstance + - rabbitMqClusterName + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + type: string + hash: + additionalProperties: + type: string + type: object + manilaAPIReadyCount: + format: int32 + type: integer + manilaSchedulerReadyCount: + format: int32 + type: integer + manilaSharesReadyCounts: + additionalProperties: + format: int32 + type: integer + type: object + observedGeneration: + format: int64 + type: integer + transportURLSecret: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/manila.openstack.org_manilaschedulers.yaml b/bindata/crds/manila.openstack.org_manilaschedulers.yaml new file mode 100644 index 000000000..9376dc057 --- /dev/null +++ b/bindata/crds/manila.openstack.org_manilaschedulers.yaml @@ -0,0 +1,661 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: manilaschedulers.manila.openstack.org +spec: + group: manila.openstack.org + names: + kind: ManilaScheduler + listKind: ManilaSchedulerList + plural: manilaschedulers + singular: manilascheduler + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerImage: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: manila + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: ManilaPassword + properties: + service: + default: ManilaPassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: manila + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - serviceAccount + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/manila.openstack.org_manilashares.yaml b/bindata/crds/manila.openstack.org_manilashares.yaml new file mode 100644 index 000000000..e562c02b1 --- /dev/null +++ b/bindata/crds/manila.openstack.org_manilashares.yaml @@ -0,0 +1,661 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: manilashares.manila.openstack.org +spec: + group: manila.openstack.org + names: + kind: ManilaShare + listKind: ManilaShareList + plural: manilashares + singular: manilashare + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + containerImage: + type: string + customServiceConfig: + default: '# add your customization here' + type: string + customServiceConfigSecrets: + items: + type: string + type: array + databaseAccount: + default: manila + type: string + databaseHostname: + type: string + extraMounts: + items: + properties: + extraVol: + items: + properties: + extraVolType: + type: string + mounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + items: + type: string + type: array + volumes: + items: + properties: + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + service: ManilaPassword + properties: + service: + default: ManilaPassword + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: manila + type: string + tls: + properties: + caBundleSecretName: + type: string + type: object + transportURLSecret: + type: string + required: + - containerImage + - serviceAccount + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + type: object + observedGeneration: + format: int64 + type: integer + readyCount: + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/mariadb.openstack.org_galeras.yaml b/bindata/crds/mariadb.openstack.org_galeras.yaml new file mode 100644 index 000000000..c26a386e7 --- /dev/null +++ b/bindata/crds/mariadb.openstack.org_galeras.yaml @@ -0,0 +1,229 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: galeras.mariadb.openstack.org +spec: + group: mariadb.openstack.org + names: + kind: Galera + listKind: GaleraList + plural: galeras + singular: galera + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Ready + jsonPath: .status.conditions[0].status + name: Ready + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Galera is the Schema for the galeras API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: GaleraSpec defines the desired state of Galera + properties: + containerImage: + description: Name of the galera container image to run (will be set + to environmental default if empty) + type: string + customServiceConfig: + description: |- + Customize config using this parameter to change service defaults, + or overwrite rendered information using raw MariaDB config format. + The content gets added to /etc/my.cnf.d/galera_custom.cnf + type: string + disableNonTLSListeners: + description: When TLS is configured, only allow connections to the + DB over TLS + type: boolean + logToDisk: + description: Log Galera pod's output to disk + type: boolean + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + replicas: + default: 1 + description: Size of the galera cluster deployment + format: int32 + maximum: 3 + minimum: 0 + type: integer + secret: + description: Name of the secret to look for password keys + type: string + storageClass: + description: Storage class to host the mariadb databases + type: string + storageRequest: + description: Storage size allocated for the mariadb databases + type: string + tls: + description: TLS settings for MySQL service and internal Galera replication + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - containerImage + - replicas + - secret + - storageClass + - storageRequest + type: object + status: + description: GaleraStatus defines the observed state of Galera + properties: + attributes: + additionalProperties: + description: GaleraAttributes holds startup information for a Galera + host + properties: + containerID: + description: Identifier of the container at the time the gcomm + URI was injected + type: string + gcomm: + description: Gcomm URI used to connect to the galera cluster + type: string + no_grastate: + description: This galera node has its state recovered from the + DB + type: boolean + safe_to_bootstrap: + description: This galera node can bootstrap a galera cluster + type: boolean + seqno: + description: Last recorded replication sequence number in the + DB + type: string + uuid: + description: UUID of the partition that is seen by the galera + node + type: string + required: + - seqno + type: object + description: A map of database node attributes for each pod + type: object + bootstrapped: + default: false + description: Is the galera cluster currently running + type: boolean + clusterProperties: + additionalProperties: + type: string + description: Map of properties that require full cluster restart if + changed + type: object + conditions: + description: Deployment Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track input changes + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + safeToBootstrap: + description: Name of the node that can safely bootstrap a cluster + type: string + stopRequired: + default: false + description: Does the galera cluster requires to be stopped globally + type: boolean + required: + - bootstrapped + - stopRequired + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/mariadb.openstack.org_mariadbaccounts.yaml b/bindata/crds/mariadb.openstack.org_mariadbaccounts.yaml new file mode 100644 index 000000000..5969f302a --- /dev/null +++ b/bindata/crds/mariadb.openstack.org_mariadbaccounts.yaml @@ -0,0 +1,127 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: mariadbaccounts.mariadb.openstack.org +spec: + group: mariadb.openstack.org + names: + kind: MariaDBAccount + listKind: MariaDBAccountList + plural: mariadbaccounts + singular: mariadbaccount + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MariaDBAccount is the Schema for the mariadbaccounts API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MariaDBAccountSpec defines the desired state of MariaDBAccount + properties: + requireTLS: + default: false + description: Account must use TLS to connect to the database + type: boolean + secret: + description: Name of secret which contains DatabasePassword + type: string + userName: + description: UserName for new account + type: string + required: + - requireTLS + - secret + - userName + type: object + status: + description: MariaDBAccountStatus defines the observed state of MariaDBAccount + properties: + conditions: + description: Deployment Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/mariadb.openstack.org_mariadbdatabases.yaml b/bindata/crds/mariadb.openstack.org_mariadbdatabases.yaml new file mode 100644 index 000000000..9994e081d --- /dev/null +++ b/bindata/crds/mariadb.openstack.org_mariadbdatabases.yaml @@ -0,0 +1,132 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: mariadbdatabases.mariadb.openstack.org +spec: + group: mariadb.openstack.org + names: + kind: MariaDBDatabase + listKind: MariaDBDatabaseList + plural: mariadbdatabases + singular: mariadbdatabase + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MariaDBDatabase is the Schema for the mariadbdatabases API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MariaDBDatabaseSpec defines the desired state of MariaDBDatabase + properties: + defaultCharacterSet: + default: utf8 + description: Default character set for this database + type: string + defaultCollation: + default: utf8_general_ci + description: Default collation for this database + type: string + name: + description: Name of the database in MariaDB + type: string + secret: + description: Name of secret which contains DatabasePassword (deprecated) + type: string + type: object + status: + description: MariaDBDatabaseStatus defines the observed state of MariaDBDatabase + properties: + completed: + type: boolean + conditions: + description: Deployment Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + tlsSupport: + description: Whether TLS is supported by the DB instance + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/memcached.openstack.org_memcacheds.yaml b/bindata/crds/memcached.openstack.org_memcacheds.yaml new file mode 100644 index 000000000..a924c2391 --- /dev/null +++ b/bindata/crds/memcached.openstack.org_memcacheds.yaml @@ -0,0 +1,171 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: memcacheds.memcached.openstack.org +spec: + group: memcached.openstack.org + names: + kind: Memcached + listKind: MemcachedList + plural: memcacheds + singular: memcached + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Ready + jsonPath: .status.conditions[0].status + name: Ready + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Memcached is the Schema for the memcacheds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MemcachedSpec defines the desired state of Memcached + properties: + containerImage: + description: Name of the memcached container image to run (will be + set to environmental default if empty) + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + replicas: + default: 1 + description: Size of the memcached cluster + format: int32 + maximum: 32 + minimum: 1 + type: integer + tls: + description: TLS settings for memcached service + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - containerImage + - replicas + type: object + status: + description: MemcachedStatus defines the observed state of Memcached + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track input changes + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of Memcached instances + format: int32 + type: integer + serverList: + description: ServerList - List of memcached endpoints without inet(6) + prefix + items: + type: string + type: array + serverListWithInet: + description: ServerListWithInet - List of memcached endpoints with + inet(6) prefix + items: + type: string + type: array + tlsSupport: + description: Whether TLS is supported by the memcached instance + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/network.openstack.org_bgpconfigurations.yaml b/bindata/crds/network.openstack.org_bgpconfigurations.yaml new file mode 100644 index 000000000..4a7be04ca --- /dev/null +++ b/bindata/crds/network.openstack.org_bgpconfigurations.yaml @@ -0,0 +1,163 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: bgpconfigurations.network.openstack.org +spec: + group: network.openstack.org + names: + kind: BGPConfiguration + listKind: BGPConfigurationList + plural: bgpconfigurations + singular: bgpconfiguration + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: BGPConfiguration is the Schema for the bgpconfigurations API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BGPConfigurationSpec defines the desired state of BGPConfiguration + properties: + frrConfigurationNamespace: + default: metallb-system + description: FRRConfigurationNamespace - namespace where to create + the FRRConfiguration. Defaults to metallb-system. + type: string + frrNodeConfigurationSelector: + description: |- + FRRNodeConfigurationSelector - per default the FRRConfiguration per node within the FRRConfigurationNamespace + gets queried using the FRRConfiguration.spec.NodeSelector `kubernetes.io/hostname: worker-0`. In case a more + specific + items: + description: FRRNodeConfigurationSelectorType - + properties: + frrConfigurationNamespace: + description: NodeName - name of the node object as seen by + running the `oc get nodes` command + type: string + nodeSelector: + description: NodeSelector to identify the correct FRRConfiguration + from spec.nodeSelector + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + status: + description: BGPConfigurationStatus defines the observed state of BGPConfiguration + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/network.openstack.org_dnsdata.yaml b/bindata/crds/network.openstack.org_dnsdata.yaml new file mode 100644 index 000000000..d08bb9b38 --- /dev/null +++ b/bindata/crds/network.openstack.org_dnsdata.yaml @@ -0,0 +1,142 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: dnsdata.network.openstack.org +spec: + group: network.openstack.org + names: + kind: DNSData + listKind: DNSDataList + plural: dnsdata + singular: dnsdata + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Ready + jsonPath: .status.conditions[0].status + name: Ready + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DNSData is the Schema for the dnsdata API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DNSDataSpec defines the desired state of DNSData + properties: + dnsDataLabelSelectorValue: + default: dnsdata + description: Value of the DNSDataLabelSelector to set on the created + configmaps containing hosts information + type: string + hosts: + items: + description: DNSHost holds the mapping between IP and hostnames + that will be added to dnsmasq hosts file. + properties: + hostnames: + description: Hostnames for the IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + type: object + status: + description: DNSDataStatus defines the observed state of DNSData + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + description: Map of the dns data configmap + type: string + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/network.openstack.org_dnsmasqs.yaml b/bindata/crds/network.openstack.org_dnsmasqs.yaml new file mode 100644 index 000000000..587307b35 --- /dev/null +++ b/bindata/crds/network.openstack.org_dnsmasqs.yaml @@ -0,0 +1,338 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: dnsmasqs.network.openstack.org +spec: + group: network.openstack.org + names: + kind: DNSMasq + listKind: DNSMasqList + plural: dnsmasqs + singular: dnsmasq + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Ready + jsonPath: .status.conditions[0].status + name: Ready + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DNSMasq is the Schema for the dnsmasqs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DNSMasqSpec defines the desired state of DNSMasq + properties: + containerImage: + description: DNSMasq Container Image URL + type: string + dnsDataLabelSelectorValue: + default: dnsdata + description: Value of the DNSDataLabelSelectorKey which was set on + the configmaps containing hosts information + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting + NodeSelector here acts as a default value and can be overridden by service + specific NodeSelector Settings. + type: object + options: + description: Options allows to customize the dnsmasq instance + items: + description: DNSMasqOption defines allowed options for dnsmasq + properties: + key: + enum: + - server + - rev-server + - srv-host + - txt-record + - ptr-record + - rebind-domain-ok + - naptr-record + - cname + - host-record + - caa-record + - dns-rr + - auth-zone + - synth-domain + - no-negcache + - local + type: string + values: + items: + type: string + type: array + required: + - key + - values + type: object + type: array + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: Override configuration for the Service created to + serve traffic to the cluster. + properties: + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + replicas: + default: 1 + description: Replicas - DNSMasq Replicas + format: int32 + type: integer + type: object + status: + description: DNSMasqStatus defines the observed state of DNSMasq + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dnsAddresses: + description: DNSServer Addresses + items: + type: string + type: array + dnsClusterAddresses: + description: DNSServer Cluster Addresses + items: + type: string + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of dnsmasq deployment + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/network.openstack.org_ipsets.yaml b/bindata/crds/network.openstack.org_ipsets.yaml new file mode 100644 index 000000000..fabe2d87c --- /dev/null +++ b/bindata/crds/network.openstack.org_ipsets.yaml @@ -0,0 +1,214 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ipsets.network.openstack.org +spec: + group: network.openstack.org + names: + kind: IPSet + listKind: IPSetList + plural: ipsets + singular: ipset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Ready + jsonPath: .status.conditions[0].status + name: Ready + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + - description: Reservation + jsonPath: .status.reservation + name: Reservation + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: IPSet is the Schema for the ipsets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPSetSpec defines the desired state of IPSet + properties: + immutable: + default: false + description: |- + Immutable, if `true` the validation webhook will block any update to the Spec, except of Spec.Immutable. + This allows the caller to add safety mechanism to the object. If a change is required to the object, + an extra update needs to be done to make updates possible. + type: boolean + networks: + description: Networks used to request IPs for + items: + description: IPSetNetwork Type + properties: + defaultRoute: + description: Use gateway from subnet as default route. There + can only be one default route defined per IPSet. + type: boolean + fixedIP: + description: Fixed Ip + type: string + name: + description: Network Name + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + subnetName: + description: Subnet Name + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + required: + - name + - subnetName + type: object + type: array + required: + - networks + type: object + status: + description: IPSetStatus defines the observed state of IPSet + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + reservations: + description: Reservation + items: + description: IPSetReservation defines reservation status per requested + network + properties: + address: + description: Address contains the IP address + type: string + cidr: + description: Cidr the cidr to use for this network + type: string + dnsDomain: + description: DNSDomain of the subnet + type: string + gateway: + description: Gateway optional gateway for the network + type: string + mtu: + description: MTU of the network + type: integer + network: + description: Network name + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + routes: + description: Routes, list of networks that should be routed + via network gateway. + items: + description: Route definition + properties: + destination: + description: Destination, network CIDR + type: string + nexthop: + description: Nexthop, gateway for the destination + type: string + required: + - destination + - nexthop + type: object + type: array + serviceNetwork: + description: ServiceNetwork mapping + pattern: ^[a-z0-9][a-z0-9\-_]*[a-z0-9]$ + type: string + subnet: + description: Subnet name + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + vlan: + description: Vlan ID + type: integer + required: + - address + - dnsDomain + - network + - subnet + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/network.openstack.org_netconfigs.yaml b/bindata/crds/network.openstack.org_netconfigs.yaml new file mode 100644 index 000000000..7fdd6a1a6 --- /dev/null +++ b/bindata/crds/network.openstack.org_netconfigs.yaml @@ -0,0 +1,159 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: netconfigs.network.openstack.org +spec: + group: network.openstack.org + names: + kind: NetConfig + listKind: NetConfigList + plural: netconfigs + shortNames: + - netcfg + - netscfg + singular: netconfig + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: NetConfig is the Schema for the netconfigs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetConfigSpec defines the desired state of NetConfig + properties: + networks: + description: Networks, list of all networks of the deployment + items: + description: Network definition + properties: + dnsDomain: + description: DNSDomain name of the Network + type: string + mtu: + default: 1500 + description: MTU of the network + type: integer + name: + description: Name of the network, e.g. External, InternalApi, + ... + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + serviceNetwork: + description: Service network mapping + pattern: ^[a-z0-9][a-z0-9\-_]*[a-z0-9]$ + type: string + subnets: + description: Subnets of the network + items: + description: Subnet definition + properties: + allocationRanges: + description: |- + AllocationRanges a list of AllocationRange for assignment. Allocation will start + from first range, first address. + items: + description: AllocationRange definition + properties: + end: + description: End IP for the AllocationRange + type: string + start: + description: Start IP for the AllocationRange + type: string + required: + - end + - start + type: object + type: array + cidr: + description: Cidr the cidr to use for this network + type: string + dnsDomain: + description: DNSDomain name of the subnet, allows to overwrite + the DNSDomain of the Network + type: string + excludeAddresses: + description: |- + ExcludeAddresses a set of IPs that should be excluded from used as reservation, for both dynamic + and static via IPSet FixedIP parameter + items: + type: string + type: array + gateway: + description: Gateway optional gateway for the network + type: string + name: + description: Name of the subnet + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + routes: + description: Routes, list of networks that should be routed + via network gateway. + items: + description: Route definition + properties: + destination: + description: Destination, network CIDR + type: string + nexthop: + description: Nexthop, gateway for the destination + type: string + required: + - destination + - nexthop + type: object + type: array + vlan: + description: Vlan ID + maximum: 4094 + type: integer + required: + - allocationRanges + - cidr + - name + type: object + type: array + required: + - dnsDomain + - name + - subnets + type: object + type: array + required: + - networks + type: object + status: + description: NetConfigStatus defines the observed state of NetConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/network.openstack.org_reservations.yaml b/bindata/crds/network.openstack.org_reservations.yaml new file mode 100644 index 000000000..2785c951c --- /dev/null +++ b/bindata/crds/network.openstack.org_reservations.yaml @@ -0,0 +1,131 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: reservations.network.openstack.org +spec: + group: network.openstack.org + names: + kind: Reservation + listKind: ReservationList + plural: reservations + singular: reservation + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reservation + jsonPath: .spec.reservation + name: Reservation + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Reservation is the Schema for the reservations API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ReservationSpec defines the desired state of Reservation + properties: + ipSetRef: + description: IPSetRef points to the IPSet object the IPs were created + for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + reservation: + additionalProperties: + description: IPAddress - + properties: + address: + description: Address contains the IP address + type: string + network: + description: Network name + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + subnet: + description: Subnet name + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + required: + - address + - network + - subnet + type: object + description: Reservation, map (index network name) with reservation + type: object + required: + - ipSetRef + - reservation + type: object + status: + description: ReservationStatus defines the observed state of Reservation + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/neutron.openstack.org_neutronapis.yaml b/bindata/crds/neutron.openstack.org_neutronapis.yaml new file mode 100644 index 000000000..7fae25e64 --- /dev/null +++ b/bindata/crds/neutron.openstack.org_neutronapis.yaml @@ -0,0 +1,1564 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: neutronapis.neutron.openstack.org +spec: + group: neutron.openstack.org + names: + kind: NeutronAPI + listKind: NeutronAPIList + plural: neutronapis + singular: neutronapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: NeutronAPI is the Schema for the neutronapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NeutronAPISpec defines the desired state of NeutronAPI + properties: + apiTimeout: + default: 120 + description: APITimeout for HAProxy, Apache + minimum: 1 + type: integer + containerImage: + description: NeutronAPI Container Image URL (will be set to environmental + default if empty) + type: string + corePlugin: + default: ml2 + description: CorePlugin - Neutron core plugin to use. Using "ml2" + if not set. + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: neutron + description: DatabaseAccount - optional MariaDBAccount CR name used + for neutron DB, defaults to neutron + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like policy.yaml + type: object + extraMounts: + description: ExtraMounts containing conf files + items: + description: |- + NeutronExtraVolMounts exposes additional parameters processed by the neutron-operator + and defines the common VolMounts structure provided by the main storage module + properties: + extraVol: + items: + description: |- + VolMounts is the data structure used to expose Volumes and Mounts that can + be added to a pod according to the defined Propagation policy + properties: + extraVolType: + description: Label associated to a given extraMount + type: string + mounts: + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + propagation: + description: Propagation defines which pod should mount + the volume + items: + description: |- + PropagationType identifies the Service, Group or instance (e.g. the backend) that + receives an Extra Volume that can potentially be mounted + type: string + type: array + volumes: + items: + description: Volume our slimmed down version of Volume + properties: + cephfs: + description: cephFS represents a Ceph FS mount on + the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph tree, + default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and + then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + hostPath: + description: |- + Represents a host path mapped into a pod. + Host path volumes do not support ownership management or SELinux relabeling. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for + iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: Name of the volume + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of + the ScaleIO Protection Domain for the configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + required: + - name + type: object + type: array + required: + - mounts + - volumes + type: object + type: array + name: + type: string + region: + type: string + required: + - extraVol + type: object + type: array + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + ml2MechanismDrivers: + default: + - ovn + description: Ml2MechanismDrivers - list of ml2 drivers to enable. + Using {"ovn"} if not set. + items: + type: string + type: array + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: NeutronPassword + description: PasswordSelectors - Selectors to identify the ServiceUser + password from the Secret + properties: + service: + default: NeutronPassword + description: Database - Selector to get the neutron service password + from the Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Neutron + type: string + replicas: + default: 1 + description: Replicas of neutron API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + NeutronPassword + type: string + serviceUser: + default: neutron + description: ServiceUser - optional username used for this service + to register in neutron + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + ovn: + description: Ovn GenericService - holds the secret for the OvnDb + client cert + properties: + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + type: object + required: + - containerImage + - databaseInstance + - memcachedInstance + - rabbitMqClusterName + - secret + type: object + status: + description: NeutronAPIStatus defines the observed state of NeutronAPI + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Neutron Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of neutron API instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_nova.yaml b/bindata/crds/nova.openstack.org_nova.yaml new file mode 100644 index 000000000..0c7e32470 --- /dev/null +++ b/bindata/crds/nova.openstack.org_nova.yaml @@ -0,0 +1,1734 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: nova.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: Nova + listKind: NovaList + plural: nova + singular: nova + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Nova is the Schema for the nova API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaSpec defines the desired state of Nova + properties: + apiContainerImageURL: + description: APIContainerImageURL + type: string + apiDatabaseAccount: + default: nova-api + description: APIDatabaseAccount - MariaDBAccount to use when accessing + the API DB + type: string + apiDatabaseInstance: + default: openstack + description: |- + APIDatabaseInstance is the name of the MariaDB CR to select the DB + Service instance used for the Nova API DB. + type: string + apiMessageBusInstance: + default: rabbitmq + description: |- + APIMessageBusInstance is the name of the RabbitMqCluster CR to select + the Message Bus Service instance used by the Nova top level services to + communicate. + type: string + apiServiceTemplate: + default: + replicas: 1 + description: APIServiceTemplate - define the nova-api service + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like e.g. api-paste.ini or policy.yaml. + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + type: object + cellTemplates: + additionalProperties: + description: |- + NovaCellTemplate defines the input parameters specified by the user to + create a NovaCell via higher level CRDs. + properties: + cellDatabaseAccount: + description: CellDatabaseAccount - MariaDBAccount to use when + accessing the give cell DB + type: string + cellDatabaseInstance: + default: openstack + description: |- + CellDatabaseInstance is the name of the MariaDB CR to select the DB + Service instance used as the DB of this cell. + type: string + cellMessageBusInstance: + default: rabbitmq + description: |- + CellMessageBusInstance is the name of the RabbitMqCluster CR to select + the Message Bus Service instance used by the nova services to + communicate in this cell. For cell0 it is unused. + type: string + conductorServiceTemplate: + description: ConductorServiceTemplate - defines the cell conductor + deployment for the cell. + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + dbPurge: + description: DBPurge defines the parameters for the DB archiving + and purging cron job + properties: + archiveAge: + default: 30 + description: |- + ArchiveAge defines the minimum age of the records in days that can be + moved to the shadow tables. + minimum: 1 + type: integer + purgeAge: + default: 90 + description: |- + PurgeAge defines the minimum age of the records in days that can be + deleted from the shadow tables + minimum: 1 + type: integer + schedule: + default: 0 0 * * * + description: |- + Schedule defines when to run the DB maintenance job in a cron format. + By default it runs every midnight. + type: string + type: object + hasAPIAccess: + description: |- + HasAPIAccess defines if this Cell is configured to have access to the + API DB and message bus. + type: boolean + memcachedInstance: + description: |- + MemcachedInstance is the name of the Memcached CR that the services in the cell will use. + If defined then this takes precedence over Nova.Spec.MemcachedInstance for this cel + type: string + metadataServiceTemplate: + description: |- + MetadataServiceTemplate - defines the metadata service dedicated for the + cell. Note that for cell0 metadata service should not be deployed. Also + if metadata service needs to be deployed per cell here then it should + not be enabled to be deployed on the top level via the Nova CR at the + same time. By default Nova CR deploys the metadata service at the top + level and disables it on the cell level. + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite + default config files like e.g. api-paste.ini. + type: object + enabled: + description: |- + Enabled - Whether NovaMetadata services should be deployed and managed. + If it is set to false then the related NovaMetadata CR will be deleted + if exists and owned by a higher level nova CR (Nova or NovaCell). If it + exist but not owned by a higher level nova CR then the NovaMetadata CR + will not be touched. + If it is set to true the a NovaMetadata CR will be created. + If there is already a manually created NovaMetadata CR with the relevant + name then this operator will not try to update that CR, instead + the higher level nova CR will be in error state until the manually + create NovaMetadata CR is deleted manually. + type: boolean + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + override: + description: Override, provides the ability to override + the generated manifest of several child resources. + properties: + service: + description: |- + Override configuration for the Service created to serve traffic to the cluster for internal + communication. + properties: + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains + the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs + in a pre-created bundle file + type: string + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + noVNCProxyServiceTemplate: + description: |- + NoVNCProxyServiceTemplate - defines the novncproxy service dedicated for + the cell. Note that for cell0 novncproxy should not be deployed so + the enabled field of this template is defaulted to false in cell0 but + defaulted to true in other cells. + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + enabled: + description: |- + Enabled - Whether NovaNoVNCProxy services should be deployed and managed. + If it is set to false then the related NovaNoVNCProxy CR will be deleted + if exists and owned by the NovaCell. If it exist but not owned by the + NovaCell then the NovaNoVNCProxy will not be touched. + If it is set to true the a NovaNoVNCProxy CR will be created. + If there is already a manually created NovaNoVNCProxy CR with the + relevant name then the cell will not try to update that CR, instead the + NovaCell be in error state until the manually create NovaNoVNCProxy CR + is deleted by the operator. + type: boolean + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes + running this service + type: object + override: + description: Override, provides the ability to override + the generated manifest of several child resources. + properties: + service: + description: Override configuration for the Service + created to serve traffic to the cluster. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains + the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs + in a pre-created bundle file + type: string + service: + description: Service - Cert secret used for the nova + novnc service endpoint + properties: + secretName: + description: SecretName - holding the cert, key + for the service + type: string + type: object + vencrypt: + description: |- + Vencrypt - cert secret containing the x509 certificate to be presented to the VNC server. + The CommonName field should match the primary hostname of the controller node. If using a HA deployment, + the Organization field can also be configured to a value that is common across all console proxy instances in the deployment. + https://docs.openstack.org/nova/latest/admin/remote-console-access.html#novnc-proxy-server-configuration + properties: + secretName: + description: SecretName - holding the cert, key + for the service + type: string + type: object + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + cell. + type: object + novaComputeTemplates: + additionalProperties: + description: |- + NovaComputeTemplate defines the input parameters specified by the user to + create a NovaCompute via higher level CRDs. + properties: + computeDriver: + description: ComputeDriver - defines which driver to use + for controlling virtualization + enum: + - ironic.IronicDriver + - fake.FakeDriver + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite + default config files like e.g. provider.yaml + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + replicas: + default: 1 + description: Replicas of the service to run. For ironic.IronicDriver + the max replica is 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - computeDriver + type: object + description: |- + NovaComputeTemplates - map of nova computes template with selected drivers in format + compute_name: compute_template. Key from map is arbitrary name for the compute with + a limit of 20 characters. + type: object + required: + - cellDatabaseAccount + - hasAPIAccess + type: object + default: + cell0: + cellDatabaseAccount: nova-cell0 + hasAPIAccess: true + cell1: + cellDatabaseAccount: nova-cell1 + cellDatabaseInstance: openstack-cell1 + cellMessageBusInstance: rabbitmq-cell1 + hasAPIAccess: true + description: |- + Cells is a mapping of cell names to NovaCellTemplate objects defining + the cells in the deployment. The "cell0" cell is a mandatory cell in + every deployment. Moreover any real deployment needs at least one + additional normal cell as "cell0" cannot have any computes. + type: object + computeContainerImageURL: + description: NovaComputeContainerImageURL + type: string + conductorContainerImageURL: + description: ConductorContainerImageURL + type: string + keystoneInstance: + default: keystone + description: |- + KeystoneInstance to name of the KeystoneAPI CR to select the Service + instance used by the Nova services to authenticate. + type: string + memcachedInstance: + default: memcached + description: MemcachedInstance is the name of the Memcached CR that + all nova service will use. + type: string + metadataContainerImageURL: + description: MetadataContainerImageURL + type: string + metadataServiceTemplate: + default: + enabled: true + description: |- + MetadataServiceTemplate - defines the metadata service that is global + for the deployment serving all the cells. Note that if you want to + deploy metadata per cell then the metadata service should be disabled + here and enabled in the cellTemplates instead. + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like e.g. api-paste.ini. + type: object + enabled: + description: |- + Enabled - Whether NovaMetadata services should be deployed and managed. + If it is set to false then the related NovaMetadata CR will be deleted + if exists and owned by a higher level nova CR (Nova or NovaCell). If it + exist but not owned by a higher level nova CR then the NovaMetadata CR + will not be touched. + If it is set to true the a NovaMetadata CR will be created. + If there is already a manually created NovaMetadata CR with the relevant + name then this operator will not try to update that CR, instead + the higher level nova CR will be in error state until the manually + create NovaMetadata CR is deleted manually. + type: boolean + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: |- + Override configuration for the Service created to serve traffic to the cluster for internal + communication. + properties: + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting + NodeSelector here acts as a default value and can be overridden by service + specific NodeSelector Settings. + type: object + novncproxyContainerImageURL: + description: NoVNCContainerImageURL + type: string + passwordSelectors: + default: + service: NovaPassword + description: |- + PasswordSelectors - Selectors to identify the DB and ServiceUser + passwords from the Secret + properties: + metadataSecret: + default: MetadataSecret + description: |- + MetadataSecret - the name of the field to get the metadata secret from the + Secret + type: string + prefixMetadataCellsSecret: + default: MetadataCellsSecret + description: |- + prefixMetadataCellsSecret - the prefix name of the field to get the metadata secret from the + Secret for cells. Vale of metadata_proxy_shared_secret + information for the nova-metadata service. This secret is shared + between nova and neutron ovn-metadata inside selected cell + and if this is not defined the global metadata_proxy_shared_secret + secret will be used + type: string + service: + default: NovaPassword + description: |- + Service - Selector to get the keystone service user password from the + Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + schedulerContainerImageURL: + description: SchedulerContainerImageURL + type: string + schedulerServiceTemplate: + default: + replicas: 1 + description: SchedulerServiceTemplate- define the nova-scheduler service + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + secret: + description: |- + Secret is the name of the Secret instance containing password + information for nova like the keystone service password and DB passwords + type: string + serviceUser: + default: nova + description: ServiceUser - optional username used for this service + to register in keystone + type: string + required: + - apiContainerImageURL + - computeContainerImageURL + - conductorContainerImageURL + - metadataContainerImageURL + - novncproxyContainerImageURL + - schedulerContainerImageURL + - secret + type: object + status: + description: NovaStatus defines the observed state of Nova + properties: + apiServiceReadyCount: + description: APIServiceReadyCount defines the number or replicas ready + from nova-api + format: int32 + type: integer + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + discoveredCells: + additionalProperties: + type: string + description: |- + DiscoveredCells is a map keyed by cell names that have discovered all kubernetes managed + computes in cell value is a hash of config from all kubernetes managed computes in cell + type: object + metadataServiceReadyCount: + description: |- + MetadataReadyCount defines the number of replicas ready from + nova-metadata service + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration - the most recent generation observed + for this service. If the observed generation is less than the spec + generation, then the controller has not processed the latest changes. + format: int64 + type: integer + registeredCells: + additionalProperties: + type: string + description: |- + RegisteredCells is a map keyed by cell names that are registered in the + nova_api database with a value that is the hash of the given cell + configuration. + type: object + schedulerServiceReadyCount: + description: SchedulerServiceReadyCount defines the number or replicas + ready from nova-scheduler + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_novaapis.yaml b/bindata/crds/nova.openstack.org_novaapis.yaml new file mode 100644 index 000000000..cbfc6de95 --- /dev/null +++ b/bindata/crds/nova.openstack.org_novaapis.yaml @@ -0,0 +1,487 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: novaapis.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: NovaAPI + listKind: NovaAPIList + plural: novaapis + singular: novaapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: NovaAPI is the Schema for the novaapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaAPISpec defines the desired state of NovaAPI + properties: + apiDatabaseAccount: + default: nova-api + description: APIDatabaseAccount - MariaDBAccount to use when accessing + the API DB + type: string + apiDatabaseHostname: + description: APIDatabaseHostname - hostname to use when accessing + the API DB + type: string + cell0DatabaseAccount: + default: nova-cell0 + description: APIDatabaseAccount - MariaDBAccount to use when accessing + the cell0 DB + type: string + cell0DatabaseHostname: + description: APIDatabaseHostname - hostname to use when accessing + the cell0 DB + type: string + containerImage: + description: The service specific Container Image URL (will be set + to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like e.g. api-paste.ini or policy.yaml. + type: object + keystoneAuthURL: + description: |- + KeystoneAuthURL configures the keystone API endpoint to be used + by the service for authentication and authorization + type: string + keystonePublicAuthURL: + description: |- + KeystonePublicAuthURL configures the public keystone API endpoint. This + can be different from KeystoneAuthURL. The service uses this value + to redirect unauthenticated users. + type: string + memcachedInstance: + description: MemcachedInstance is the name of the Memcached CR that + all nova service will use. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + registeredCells: + additionalProperties: + type: string + description: |- + RegisteredCells is a map keyed by cell names that are registered in the + nova_api database with a value that is the hash of the given cell + configuration. + This is used to detect when a new cell is added or an existing cell is + reconfigured to trigger refresh of the in memory cell caches of the + service. + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret is the name of the Secret instance containing password + information for the nova-api service. This secret is expected to be + generated by the nova-operator based on the information passed to the + Nova CR. + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Nova services the default SA name + type: string + serviceUser: + default: nova + description: |- + ServiceUser - optional username used for this service to register in + keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - apiDatabaseHostname + - cell0DatabaseHostname + - keystoneAuthURL + - keystonePublicAuthURL + - memcachedInstance + - registeredCells + - secret + - serviceAccount + type: object + status: + description: NovaAPIStatus defines the observed state of NovaAPI + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount defines the number of replicas ready from + nova-api + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_novacells.yaml b/bindata/crds/nova.openstack.org_novacells.yaml new file mode 100644 index 000000000..2f1f86df9 --- /dev/null +++ b/bindata/crds/nova.openstack.org_novacells.yaml @@ -0,0 +1,1031 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: novacells.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: NovaCell + listKind: NovaCellList + plural: novacells + singular: novacell + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: NovaCell is the Schema for the novacells API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaCellSpec defines the desired state of NovaCell + properties: + apiDatabaseAccount: + default: nova + description: APIDatabaseAccount - MariaDBAccount to use when accessing + the API DB + type: string + apiDatabaseHostname: + description: |- + APIDatabaseHostname - hostname to use when accessing the API DB. If not + provided then up-calls will be disabled. This filed is Required for + cell0. + TODO(gibi): Add a webhook to validate cell0 constraint + type: string + cellDatabaseAccount: + default: nova + description: CellDatabaseAccount - MariaDBAccount to use when accessing + the cell DB + type: string + cellDatabaseHostname: + description: CellDatabaseHostname - hostname to use when accessing + the cell DB + type: string + cellName: + description: |- + CellName is the name of the Nova Cell. The value "cell0" has a special + meaning. The "cell0" Cell cannot have compute nodes associated and the + conductor in this cell acts as the super conductor for all the cells in + the deployment. + type: string + computeContainerImageURL: + description: NovaComputeContainerImageURL + type: string + conductorContainerImageURL: + description: ConductorContainerImageURL + type: string + conductorServiceTemplate: + description: ConductorServiceTemplate - defines the cell conductor + deployment for the cell + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + dbPurge: + description: DBPurge defines the parameters for the DB archiving and + purging cron job + properties: + archiveAge: + default: 30 + description: |- + ArchiveAge defines the minimum age of the records in days that can be + moved to the shadow tables. + minimum: 1 + type: integer + purgeAge: + default: 90 + description: |- + PurgeAge defines the minimum age of the records in days that can be + deleted from the shadow tables + minimum: 1 + type: integer + schedule: + default: 0 0 * * * + description: |- + Schedule defines when to run the DB maintenance job in a cron format. + By default it runs every midnight. + type: string + type: object + keystoneAuthURL: + description: |- + KeystoneAuthURL - the URL that the service in the cell can use to talk + to keystone + type: string + memcachedInstance: + description: MemcachedInstance is the name of the Memcached CR that + all nova service will use. + type: string + metadataContainerImageURL: + description: MetadataContainerImageURL + type: string + metadataServiceTemplate: + description: MetadataServiceTemplate - defines the metadata service + dedicated for the cell. + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like e.g. api-paste.ini. + type: object + enabled: + description: |- + Enabled - Whether NovaMetadata services should be deployed and managed. + If it is set to false then the related NovaMetadata CR will be deleted + if exists and owned by a higher level nova CR (Nova or NovaCell). If it + exist but not owned by a higher level nova CR then the NovaMetadata CR + will not be touched. + If it is set to true the a NovaMetadata CR will be created. + If there is already a manually created NovaMetadata CR with the relevant + name then this operator will not try to update that CR, instead + the higher level nova CR will be in error state until the manually + create NovaMetadata CR is deleted manually. + type: boolean + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: |- + Override configuration for the Service created to serve traffic to the cluster for internal + communication. + properties: + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + type: object + noVNCProxyServiceTemplate: + description: |- + NoVNCProxyServiceTemplate - defines the novncproxy service dedicated for + the cell. + properties: + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + enabled: + description: |- + Enabled - Whether NovaNoVNCProxy services should be deployed and managed. + If it is set to false then the related NovaNoVNCProxy CR will be deleted + if exists and owned by the NovaCell. If it exist but not owned by the + NovaCell then the NovaNoVNCProxy will not be touched. + If it is set to true the a NovaNoVNCProxy CR will be created. + If there is already a manually created NovaNoVNCProxy CR with the + relevant name then the cell will not try to update that CR, instead the + NovaCell be in error state until the manually create NovaNoVNCProxy CR + is deleted by the operator. + type: boolean + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: Override configuration for the Service created + to serve traffic to the cluster. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + service: + description: Service - Cert secret used for the nova novnc + service endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + vencrypt: + description: |- + Vencrypt - cert secret containing the x509 certificate to be presented to the VNC server. + The CommonName field should match the primary hostname of the controller node. If using a HA deployment, + the Organization field can also be configured to a value that is common across all console proxy instances in the deployment. + https://docs.openstack.org/nova/latest/admin/remote-console-access.html#novnc-proxy-server-configuration + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this services. + type: object + novaComputeTemplates: + additionalProperties: + description: |- + NovaComputeTemplate defines the input parameters specified by the user to + create a NovaCompute via higher level CRDs. + properties: + computeDriver: + description: ComputeDriver - defines which driver to use for + controlling virtualization + enum: + - ironic.IronicDriver + - fake.FakeDriver + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite + default config files like e.g. provider.yaml + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector to target subset of worker nodes running this service. Setting here overrides + any global NodeSelector settings within the Nova CR. + type: object + replicas: + default: 1 + description: Replicas of the service to run. For ironic.IronicDriver + the max replica is 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - computeDriver + type: object + description: |- + NovaComputeTemplates - map of nova computes template with selected drivers in format + compute_name: compute_template. Key from map is arbitrary name for the compute. + because of that there is a 20 character limit on the compute name. + type: object + novncproxyContainerImageURL: + description: NoVNCContainerImageURL + type: string + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + secret: + description: |- + Secret is the name of the Secret instance containing password + information for the nova cell. This secret is expected to be + generated by the nova-operator based on the information passed to the + Nova CR. + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Nova services the default SA name + type: string + serviceUser: + default: nova + description: |- + ServiceUser - optional username used for this service to register in + keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - cellDatabaseHostname + - cellName + - computeContainerImageURL + - conductorContainerImageURL + - conductorServiceTemplate + - keystoneAuthURL + - memcachedInstance + - metadataContainerImageURL + - noVNCProxyServiceTemplate + - novncproxyContainerImageURL + - secret + - serviceAccount + type: object + status: + description: NovaCellStatus defines the observed state of NovaCell + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + conductorServiceReadyCount: + description: |- + ConductorServiceReadyCount defines the number of replicas ready from + nova-conductor service in the cell + format: int32 + type: integer + hash: + additionalProperties: + type: string + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + Map of hashes to track e.g. job status + type: object + metadataServiceReadyCount: + description: |- + MetadataServiceReadyCount defines the number of replicas ready from + nova-metadata service in the cell + format: int32 + type: integer + noVNCProxyServiceReadyCount: + description: |- + NoVNCPRoxyServiceReadyCount defines the number of replicas ready from + nova-novncproxy service in the cell + format: int32 + type: integer + novaComputesStatus: + additionalProperties: + description: NovaComputeCellStatus defines state of NovaCompute + in cell + properties: + deployed: + description: 'Deployed value: true means that the compute is + deployed but can still be undiscovered' + type: boolean + errors: + description: Errors value True means that during deployment, + errors appear, and the user needs to check the compute for + problems + type: boolean + required: + - deployed + - errors + type: object + description: |- + NovaComputesStatus is a map with format cell_name: NovaComputeCellStatus + where NovaComputeCellStatus tell if compute with selected name deployed successfully + and indicates if the compute is successfully mapped to the cell in + the nova_api database. + When a compute is removed from the Spec the operator will delete the + related NovaCompute CR and then remove the compute from this Status field. + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_novacomputes.yaml b/bindata/crds/nova.openstack.org_novacomputes.yaml new file mode 100644 index 000000000..fe3c44fd0 --- /dev/null +++ b/bindata/crds/nova.openstack.org_novacomputes.yaml @@ -0,0 +1,277 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: novacomputes.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: NovaCompute + listKind: NovaComputeList + plural: novacomputes + singular: novacompute + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: NovaCompute is the Schema for the NovaCompute + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaComputeSpec defines the desired state of NovaCompute + properties: + cellName: + description: CellName is the name of the Nova Cell this NovaCompute + belongs to. + type: string + computeDriver: + description: ComputeDriver defines which driver to use for controlling + virtualization + enum: + - ironic.IronicDriver + - fake.FakeDriver + type: string + computeName: + description: ComputeName - compute name. + type: string + containerImage: + description: The service specific Container Image URL (will be set + to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like e.g. provider.yaml + type: object + keystoneAuthURL: + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret is the name of the Secret instance containing password + information for the NovaCompute service. This secret is expected to be + generated by the nova-operator based on the information passed to the + Nova CR. + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Nova services the default SA name + type: string + serviceUser: + default: nova + description: |- + ServiceUser - optional username used for this service to register in + keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - cellName + - computeDriver + - computeName + - keystoneAuthURL + - secret + - serviceAccount + type: object + status: + description: NovaComputeStatus defines the observed state of NovaCompute + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount defines the number of replicas ready from + NovaCompute + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_novaconductors.yaml b/bindata/crds/nova.openstack.org_novaconductors.yaml new file mode 100644 index 000000000..8637aa427 --- /dev/null +++ b/bindata/crds/nova.openstack.org_novaconductors.yaml @@ -0,0 +1,319 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: novaconductors.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: NovaConductor + listKind: NovaConductorList + plural: novaconductors + singular: novaconductor + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: NovaConductor is the Schema for the novaconductors API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaConductorSpec defines the desired state of NovaConductor + properties: + apiDatabaseAccount: + default: nova + description: APIDatabaseAccount - MariaDBAccount to use when accessing + the API DB + type: string + apiDatabaseHostname: + description: |- + APIDatabaseHostname - hostname to use when accessing the API DB. If not + provided then up-calls will be disabled. This filed is Required for + cell0. + TODO(gibi): Add a webhook to validate cell0 constraint + type: string + cellDatabaseAccount: + default: nova + description: CellDatabaseAccount - MariaDBAccount to use when accessing + the cell DB + type: string + cellDatabaseHostname: + description: |- + NOTE(gibi): This should be Required, see notes in KeystoneAuthURL + CellDatabaseHostname - hostname to use when accessing the cell DB + type: string + cellName: + description: CellName is the name of the Nova Cell this conductor + belongs to. + type: string + containerImage: + description: The service specific Container Image URL (will be set + to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + dbPurge: + description: DBPurge defines the parameters for the DB archiving and + purging cron job + properties: + archiveAge: + default: 30 + description: |- + ArchiveAge defines the minimum age of the records in days that can be + moved to the shadow tables. + minimum: 1 + type: integer + purgeAge: + default: 90 + description: |- + PurgeAge defines the minimum age of the records in days that can be + deleted from the shadow tables + minimum: 1 + type: integer + schedule: + default: 0 0 * * * + description: |- + Schedule defines when to run the DB maintenance job in a cron format. + By default it runs every midnight. + type: string + type: object + keystoneAuthURL: + description: |- + KeystoneAuthURL - the URL that the nova-conductor service can use to + talk to keystone + type: string + memcachedInstance: + description: MemcachedInstance is the name of the Memcached CR that + all nova service will use. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret is the name of the Secret instance containing password + information for the nova-conductor service. This secret is expected to + be generated by the nova-operator based on the information passed to the + Nova CR. + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Nova services the default SA name + type: string + serviceUser: + default: nova + description: |- + ServiceUser - optional username used for this service to register in + keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - cellName + - keystoneAuthURL + - memcachedInstance + - secret + - serviceAccount + type: object + status: + description: NovaConductorStatus defines the observed state of NovaConductor + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount defines the number of replicas ready from + nova-conductor + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_novametadata.yaml b/bindata/crds/nova.openstack.org_novametadata.yaml new file mode 100644 index 000000000..56bb1a63e --- /dev/null +++ b/bindata/crds/nova.openstack.org_novametadata.yaml @@ -0,0 +1,463 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: novametadata.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: NovaMetadata + listKind: NovaMetadataList + plural: novametadata + singular: novametadata + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: NovaMetadata is the Schema for the novametadata API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaMetadataSpec defines the desired state of NovaMetadata + properties: + apiDatabaseAccount: + default: nova-api + description: APIDatabaseAccount - MariaDBAccount to use when accessing + the API DB + type: string + apiDatabaseHostname: + description: |- + APIDatabaseHostname - hostname to use when accessing the API DB. + This filed is Required if the CellName is not provided + TODO(gibi): Add a webhook to validate the CellName constraint + type: string + cellDatabaseAccount: + default: nova + description: CellDatabaseAccount - MariaDBAccount to use when accessing + the cell DB + type: string + cellDatabaseHostname: + description: |- + CellDatabaseHostname - hostname to use when accessing the cell DB + This is unused if CellName is not provided. But if it is provided then + CellDatabaseHostName is also Required. + TODO(gibi): add webhook to validate this CellName constraint + type: string + cellName: + description: |- + CellName is the name of the Nova Cell this metadata service belongs to. + If not provided then the metadata serving every cells in the deployment + type: string + containerImage: + description: The service specific Container Image URL (will be set + to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like e.g. api-paste.ini. + type: object + keystoneAuthURL: + description: |- + KeystoneAuthURL - the URL that the nova-metadata service can use to talk + to keystone + TODO(ksambor) Add checking if dynamic vendor data is configured + type: string + memcachedInstance: + description: MemcachedInstance is the name of the Memcached CR that + all nova service will use. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: |- + Override configuration for the Service created to serve traffic to the cluster for internal + communication. + properties: + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + registeredCells: + additionalProperties: + type: string + description: |- + RegisteredCells is a map keyed by cell names that are registered in the + nova_api database with a value that is the hash of the given cell + configuration. + This is used to detect when a new cell is added or an existing cell is + reconfigured to trigger refresh of the in memory cell caches of the + service. + This is empty for the case when nova-metadata runs within the cell. + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret is the name of the Secret instance containing password + information for the nova-conductor service. This secret is expected to + be generated by the nova-operator based on the information passed to the + Nova CR. + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Nova services the default SA name + type: string + serviceUser: + default: nova + description: |- + ServiceUser - optional username used for this service to register in + keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - keystoneAuthURL + - memcachedInstance + - secret + - serviceAccount + type: object + status: + description: NovaMetadataStatus defines the observed state of NovaMetadata + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount defines the number of replicas ready from + nova-metadata + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_novanovncproxies.yaml b/bindata/crds/nova.openstack.org_novanovncproxies.yaml new file mode 100644 index 000000000..f3a8a0994 --- /dev/null +++ b/bindata/crds/nova.openstack.org_novanovncproxies.yaml @@ -0,0 +1,448 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: novanovncproxies.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: NovaNoVNCProxy + listKind: NovaNoVNCProxyList + plural: novanovncproxies + singular: novanovncproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: NovaNoVNCProxy is the Schema for the novanovncproxies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaNoVNCProxySpec defines the desired state of NovaNoVNCProxy + properties: + cellDatabaseAccount: + default: nova + description: CellDatabaseAccount - MariaDBAccount to use when accessing + the cell DB + type: string + cellDatabaseHostname: + description: CellDatabaseHostname - hostname to use when accessing + the cell DB + type: string + cellName: + description: CellName is the name of the Nova Cell this novncproxy + belongs to. + type: string + containerImage: + description: The service specific Container Image URL (will be set + to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + keystoneAuthURL: + description: |- + KeystoneAuthURL - the URL that the nova-novncproxy service can use to + talk to keystone + type: string + memcachedInstance: + description: MemcachedInstance is the name of the Memcached CR that + all nova service will use. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: Override configuration for the Service created to + serve traffic to the cluster. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret is the name of the Secret instance containing password + information for the nova-novncproxy service. This secret is expected to + be generated by the nova-operator based on the information passed to the + Nova CR. + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Nova services the default SA name + type: string + serviceUser: + default: nova + description: |- + ServiceUser - optional username used for this service to register in + keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + service: + description: Service - Cert secret used for the nova novnc service + endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + vencrypt: + description: |- + Vencrypt - cert secret containing the x509 certificate to be presented to the VNC server. + The CommonName field should match the primary hostname of the controller node. If using a HA deployment, + the Organization field can also be configured to a value that is common across all console proxy instances in the deployment. + https://docs.openstack.org/nova/latest/admin/remote-console-access.html#novnc-proxy-server-configuration + properties: + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + type: object + required: + - cellDatabaseHostname + - cellName + - keystoneAuthURL + - memcachedInstance + - secret + - serviceAccount + type: object + status: + description: NovaNoVNCProxyStatus defines the observed state of NovaNoVNCProxy + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount defines the number of replicas ready from + nova-novncproxy + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/nova.openstack.org_novaschedulers.yaml b/bindata/crds/nova.openstack.org_novaschedulers.yaml new file mode 100644 index 000000000..aa17cb926 --- /dev/null +++ b/bindata/crds/nova.openstack.org_novaschedulers.yaml @@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: novaschedulers.nova.openstack.org +spec: + group: nova.openstack.org + names: + kind: NovaScheduler + listKind: NovaSchedulerList + plural: novaschedulers + singular: novascheduler + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: NovaScheduler is the Schema for the novaschedulers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NovaSchedulerSpec defines the desired state of NovaScheduler + properties: + apiDatabaseAccount: + default: nova-api + description: APIDatabaseAccount - MariaDBAccount to use when accessing + the API DB + type: string + apiDatabaseHostname: + description: APIDatabaseHostname - hostname to use when accessing + the API DB + type: string + cell0DatabaseAccount: + default: nova-cell0 + description: Cell0DatabaseAccount - MariaDBAccount to use when accessing + the cell0 DB + type: string + cell0DatabaseHostname: + description: Cell0DatabaseHostname - hostname to use when accessing + the cell0 DB + type: string + containerImage: + description: The service specific Container Image URL (will be set + to environmental default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + keystoneAuthURL: + description: |- + KeystoneAuthURL - the URL that the nova-scheduler service can use to + talk to keystone + type: string + memcachedInstance: + description: MemcachedInstance is the name of the Memcached CR that + all nova service will use. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + registeredCells: + additionalProperties: + type: string + description: |- + RegisteredCells is a map keyed by cell names that are registered in the + nova_api database with a value that is the hash of the given cell + configuration. + This is used to detect when a new cell is added or an existing cell is + reconfigured to trigger refresh of the in memory cell caches of the + service. + type: object + replicas: + default: 1 + description: Replicas of the service to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret is the name of the Secret instance containing password + information for the nova-scheduler service. This secret is expected to + be generated by the nova-operator based on the information passed to the + Nova CR. + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Nova services the default SA name + type: string + serviceUser: + default: nova + description: |- + ServiceUser - optional username used for this service to register in + keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - apiDatabaseHostname + - cell0DatabaseHostname + - keystoneAuthURL + - memcachedInstance + - registeredCells + - secret + - serviceAccount + type: object + status: + description: NovaSchedulerStatus defines the observed state of NovaScheduler + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount defines the number of replicas ready from + nova-scheduler + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/octavia.openstack.org_octaviaamphoracontrollers.yaml b/bindata/crds/octavia.openstack.org_octaviaamphoracontrollers.yaml new file mode 100644 index 000000000..3353fe1de --- /dev/null +++ b/bindata/crds/octavia.openstack.org_octaviaamphoracontrollers.yaml @@ -0,0 +1,353 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: octaviaamphoracontrollers.octavia.openstack.org +spec: + group: octavia.openstack.org + names: + kind: OctaviaAmphoraController + listKind: OctaviaAmphoraControllerList + plural: octaviaamphoracontrollers + singular: octaviaamphoracontroller + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OctaviaAmphoraController is the Schema for the octaviaworkers + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OctaviaAmphoraControllerSpec defines common state for all + Octavia Amphora Controllers + properties: + amphoraCustomFlavors: + default: [] + description: AmphoraCustomFlavors - User-defined flavors for Octavia + items: + description: OctaviaAmphoraFlavor Settings for custom Amphora flavors + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageOwnerID: + default: "" + type: string + containerImage: + description: ContainerImage - Amphora Controller Container Image URL + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: octavia + description: |- + DatabaseAccount - name of MariaDBAccount which will be used to connect + for the main octavia database + type: string + databaseHostname: + description: DatabaseHostname - Octavia DB hostname + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + lbMgmtNetworkID: + default: "" + type: string + lbSecurityGroupID: + default: "" + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + octaviaProviderSubnetCIDR: + description: OctaviaProviderSubnetCIDR - + type: string + octaviaProviderSubnetExtraCIDRs: + description: OctaviaProviderSubnetExtraCIDRs - + items: + type: string + type: array + octaviaProviderSubnetGateway: + description: OctaviaProviderSubnetGateway - + type: string + passwordSelectors: + default: + service: OctaviaPassword + description: PasswordSelectors - Selectors to identify the AdminUser + password from the Secret + properties: + database: + default: OctaviaDatabasePassword + description: |- + Database - Selector to get the octavia Database user password from the Secret + TODO: not used, need change in mariadb-operator + type: string + service: + default: OctaviaPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + description: |- + PersistenceDatabaseAccount - name of MariaDBAccount which will be used + to connect for the persistence database + type: string + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + role: + description: Role - the role for the controller (one of worker, housekeeping, + healthmanager) + type: string + secret: + description: Secret containing OpenStack password information for + octavia OctaviaDatabasePassword, AdminPassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: 'ServiceUser - service user name (TODO: beagles, do we + need this at all)' + type: string + tenantName: + default: service + description: TenantName - the name of the OpenStack tenant that controls + the Octavia resources + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - databaseInstance + - role + - secret + - serviceAccount + type: object + status: + description: OctaviaAmphoraControllerStatus defines the observed state + of the Octavia Amphora Controller + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + desiredNumberScheduled: + description: DesiredNumberScheduled - total number of the nodes which + should be running Daemon + format: int32 + type: integer + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachment status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of Octavia Amphora Controllers + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/octavia.openstack.org_octaviaapis.yaml b/bindata/crds/octavia.openstack.org_octaviaapis.yaml new file mode 100644 index 000000000..8ff0de842 --- /dev/null +++ b/bindata/crds/octavia.openstack.org_octaviaapis.yaml @@ -0,0 +1,499 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: octaviaapis.octavia.openstack.org +spec: + group: octavia.openstack.org + names: + kind: OctaviaAPI + listKind: OctaviaAPIList + plural: octaviaapis + singular: octaviaapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OctaviaAPI is the Schema for the octaviaapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OctaviaAPISpec defines the desired state of OctaviaAPI + properties: + apiTimeout: + description: APITimeout for HAProxy and Apache defaults to OctaviaSpecCore + APITimeout (seconds) + type: integer + containerImage: + description: Octavia Container Image URL + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: octavia + description: |- + DatabaseAccount - name of MariaDBAccount which will be used to connect + for the main octavia database + type: string + databaseHostname: + description: DatabaseHostname - Octavia DB hostname + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: OctaviaPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + database: + default: OctaviaDatabasePassword + description: |- + Database - Selector to get the octavia Database user password from the Secret + TODO: not used, need change in mariadb-operator + type: string + service: + default: OctaviaPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + description: |- + PersistenceDatabaseAccount - name of MariaDBAccount which will be used + to connect for the persistence database + type: string + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + replicas: + default: 1 + description: Replicas of octavia API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + octavia OctaviaDatabasePassword, AdminPassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: ServiceUser - service user name + type: string + tenantName: + default: service + description: TenantName - the name of the OpenStack tenant that controls + the Octavia resources + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + ovn: + description: Ovn GenericService - holds the secret for the OvnDb + client cert + properties: + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - containerImage + - databaseInstance + - secret + - serviceAccount + type: object + status: + description: OctaviaAPIStatus defines the observed state of OctaviaAPI + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachment status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of octavia API instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/octavia.openstack.org_octaviarsyslogs.yaml b/bindata/crds/octavia.openstack.org_octaviarsyslogs.yaml new file mode 100644 index 000000000..bd0f14248 --- /dev/null +++ b/bindata/crds/octavia.openstack.org_octaviarsyslogs.yaml @@ -0,0 +1,273 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: octaviarsyslogs.octavia.openstack.org +spec: + group: octavia.openstack.org + names: + kind: OctaviaRsyslog + listKind: OctaviaRsyslogList + plural: octaviarsyslogs + singular: octaviarsyslog + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OctaviaRsyslog is the Schema for the octaviaworkers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OctaviaRsyslogSpec defines common state for all Octavia Amphora + Controllers + properties: + adminLogTargets: + description: |- + AdminLogTargets is a list of OctaviaRsyslogTarget, the admin logs are forwarded to those targets. + Use only when forwarding to an external Rsyslog server. + items: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + required: + - host + - port + - protocol + type: object + type: array + containerImage: + default: quay.io/podified-antelope-centos9/openstack-rsyslog:current-podified + description: ContainerImage - Amphora Controller Container Image URL + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + default: + - octavia + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: 'ServiceUser - service user name (TODO: beagles, do we + need this at all)' + type: string + tenantLogTargets: + description: |- + TenantLogTargets is a list of OctaviaRsyslogTarget, the tenant logs are forwarded to those targets. + Use only when forwarding to an external Rsyslog server. + items: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + required: + - host + - port + - protocol + type: object + type: array + required: + - serviceAccount + type: object + status: + description: OctaviaRsyslogStatus defines the observed state of the Octavia + Amphora Controller + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + desiredNumberScheduled: + description: DesiredNumberScheduled - total number of the nodes which + should be running Daemon + format: int32 + type: integer + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachment status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of Octavia Amphora Controllers + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/octavia.openstack.org_octavias.yaml b/bindata/crds/octavia.openstack.org_octavias.yaml new file mode 100644 index 000000000..5d5fc842d --- /dev/null +++ b/bindata/crds/octavia.openstack.org_octavias.yaml @@ -0,0 +1,1537 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: octavias.octavia.openstack.org +spec: + group: octavia.openstack.org + names: + kind: Octavia + listKind: OctaviaList + plural: octavias + singular: octavia + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Octavia is the Schema for the octavia API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OctaviaSpec defines the desired state of Octavia + properties: + amphoraCustomFlavors: + default: [] + description: AmphoraCustomFlavors - User-defined flavors for Octavia + items: + description: OctaviaAmphoraFlavor Settings for custom Amphora flavors + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageContainerImage: + description: Octavia Container Image URL + type: string + apacheContainerImage: + description: Apache Container Image URL + type: string + apiTimeout: + default: 120 + description: Octavia API timeout + type: integer + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: octavia + description: |- + DatabaseAccount - name of MariaDBAccount which will be used to connect + for the main octavia database + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + lbMgmtNetwork: + default: + createDefaultLbMgmtNetwork: true + manageLbMgmtNetworks: true + description: OctaviaLbMgmtNetworks Settings for Octavia management + networks + properties: + availabilityZoneCIDRs: + additionalProperties: + type: string + description: 'AvailabilityZoneCIDRs are the CIDRs of each management + network associated with an Availability Zone (ex: {"az":"172.34.0.0/24", + ...})' + type: object + availabilityZones: + description: Availability zones for the octavia management network + resources + items: + type: string + type: array + createDefaultLbMgmtNetwork: + default: true + description: |- + CreateDefaultLbMgmtNetwork - when True, octavia-operator creates a + Management Network for the default Availability Zone of the control + plane. Can be set to false when deploying OpenStack in DCN mode. + type: boolean + lbMgmtRouterGateway: + description: |- + LbMgmtRouterGateway is the IP address of the Octavia router on the + Provider network, it's optional and used only when the routing + informations are not passed through the Network Attachment Definition + type: string + manageLbMgmtNetworks: + default: true + description: ManageLbMgmtNetworks - when True, octavia-operator + creates the Neutron resources needed for its Management Network + type: boolean + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + octaviaAPI: + description: OctaviaAPI - Spec definition for the API service of the + Octavia deployment + properties: + apiTimeout: + description: APITimeout for HAProxy and Apache defaults to OctaviaSpecCore + APITimeout (seconds) + type: integer + containerImage: + description: Octavia Container Image URL + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: octavia + description: |- + DatabaseAccount - name of MariaDBAccount which will be used to connect + for the main octavia database + type: string + databaseHostname: + description: DatabaseHostname - Octavia DB hostname + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: OctaviaPassword + description: PasswordSelectors - Selectors to identify the DB + and ServiceUser password from the Secret + properties: + database: + default: OctaviaDatabasePassword + description: |- + Database - Selector to get the octavia Database user password from the Secret + TODO: not used, need change in mariadb-operator + type: string + service: + default: OctaviaPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + description: |- + PersistenceDatabaseAccount - name of MariaDBAccount which will be used + to connect for the persistence database + type: string + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + replicas: + default: 1 + description: Replicas of octavia API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information + for octavia OctaviaDatabasePassword, AdminPassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: ServiceUser - service user name + type: string + tenantName: + default: service + description: TenantName - the name of the OpenStack tenant that + controls the Octavia resources + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + ovn: + description: Ovn GenericService - holds the secret for the + OvnDb client cert + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - containerImage + - databaseInstance + - secret + - serviceAccount + type: object + octaviaHealthManager: + description: OctaviaHousekeeping - Spec definition for the Octavia + Housekeeping agent for the Octavia deployment + properties: + amphoraCustomFlavors: + default: [] + description: AmphoraCustomFlavors - User-defined flavors for Octavia + items: + description: OctaviaAmphoraFlavor Settings for custom Amphora + flavors + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageOwnerID: + default: "" + type: string + containerImage: + description: ContainerImage - Amphora Controller Container Image + URL + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: octavia + description: |- + DatabaseAccount - name of MariaDBAccount which will be used to connect + for the main octavia database + type: string + databaseHostname: + description: DatabaseHostname - Octavia DB hostname + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + lbMgmtNetworkID: + default: "" + type: string + lbSecurityGroupID: + default: "" + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + octaviaProviderSubnetCIDR: + description: OctaviaProviderSubnetCIDR - + type: string + octaviaProviderSubnetExtraCIDRs: + description: OctaviaProviderSubnetExtraCIDRs - + items: + type: string + type: array + octaviaProviderSubnetGateway: + description: OctaviaProviderSubnetGateway - + type: string + passwordSelectors: + default: + service: OctaviaPassword + description: PasswordSelectors - Selectors to identify the AdminUser + password from the Secret + properties: + database: + default: OctaviaDatabasePassword + description: |- + Database - Selector to get the octavia Database user password from the Secret + TODO: not used, need change in mariadb-operator + type: string + service: + default: OctaviaPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + description: |- + PersistenceDatabaseAccount - name of MariaDBAccount which will be used + to connect for the persistence database + type: string + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + role: + description: Role - the role for the controller (one of worker, + housekeeping, healthmanager) + type: string + secret: + description: Secret containing OpenStack password information + for octavia OctaviaDatabasePassword, AdminPassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: 'ServiceUser - service user name (TODO: beagles, + do we need this at all)' + type: string + tenantName: + default: service + description: TenantName - the name of the OpenStack tenant that + controls the Octavia resources + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - databaseInstance + - role + - secret + - serviceAccount + type: object + octaviaHousekeeping: + description: OctaviaHousekeeping - Spec definition for the Octavia + Housekeeping agent for the Octavia deployment + properties: + amphoraCustomFlavors: + default: [] + description: AmphoraCustomFlavors - User-defined flavors for Octavia + items: + description: OctaviaAmphoraFlavor Settings for custom Amphora + flavors + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageOwnerID: + default: "" + type: string + containerImage: + description: ContainerImage - Amphora Controller Container Image + URL + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: octavia + description: |- + DatabaseAccount - name of MariaDBAccount which will be used to connect + for the main octavia database + type: string + databaseHostname: + description: DatabaseHostname - Octavia DB hostname + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + lbMgmtNetworkID: + default: "" + type: string + lbSecurityGroupID: + default: "" + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + octaviaProviderSubnetCIDR: + description: OctaviaProviderSubnetCIDR - + type: string + octaviaProviderSubnetExtraCIDRs: + description: OctaviaProviderSubnetExtraCIDRs - + items: + type: string + type: array + octaviaProviderSubnetGateway: + description: OctaviaProviderSubnetGateway - + type: string + passwordSelectors: + default: + service: OctaviaPassword + description: PasswordSelectors - Selectors to identify the AdminUser + password from the Secret + properties: + database: + default: OctaviaDatabasePassword + description: |- + Database - Selector to get the octavia Database user password from the Secret + TODO: not used, need change in mariadb-operator + type: string + service: + default: OctaviaPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + description: |- + PersistenceDatabaseAccount - name of MariaDBAccount which will be used + to connect for the persistence database + type: string + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + role: + description: Role - the role for the controller (one of worker, + housekeeping, healthmanager) + type: string + secret: + description: Secret containing OpenStack password information + for octavia OctaviaDatabasePassword, AdminPassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: 'ServiceUser - service user name (TODO: beagles, + do we need this at all)' + type: string + tenantName: + default: service + description: TenantName - the name of the OpenStack tenant that + controls the Octavia resources + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - databaseInstance + - role + - secret + - serviceAccount + type: object + octaviaNetworkAttachment: + default: octavia + description: OctaviaNetworkAttachment is a NetworkAttachment resource + name for the Octavia Management Network + type: string + octaviaRsyslog: + description: OctaviaRsyslog - Spec definition for the Octavia Rsyslog + agent for the Octavia deployment + properties: + adminLogTargets: + description: |- + AdminLogTargets is a list of OctaviaRsyslogTarget, the admin logs are forwarded to those targets. + Use only when forwarding to an external Rsyslog server. + items: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + required: + - host + - port + - protocol + type: object + type: array + containerImage: + default: quay.io/podified-antelope-centos9/openstack-rsyslog:current-podified + description: ContainerImage - Amphora Controller Container Image + URL + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + networkAttachments: + default: + - octavia + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: 'ServiceUser - service user name (TODO: beagles, + do we need this at all)' + type: string + tenantLogTargets: + description: |- + TenantLogTargets is a list of OctaviaRsyslogTarget, the tenant logs are forwarded to those targets. + Use only when forwarding to an external Rsyslog server. + items: + properties: + host: + type: string + port: + type: integer + protocol: + type: string + required: + - host + - port + - protocol + type: object + type: array + required: + - serviceAccount + type: object + octaviaWorker: + description: OctaviaHousekeeping - Spec definition for the Octavia + Housekeeping agent for the Octavia deployment + properties: + amphoraCustomFlavors: + default: [] + description: AmphoraCustomFlavors - User-defined flavors for Octavia + items: + description: OctaviaAmphoraFlavor Settings for custom Amphora + flavors + properties: + RAM: + type: integer + RxTxFactor: + type: string + VCPUs: + type: integer + description: + type: string + disk: + type: integer + name: + type: string + required: + - RAM + - VCPUs + - disk + - name + type: object + type: array + amphoraImageOwnerID: + default: "" + type: string + containerImage: + description: ContainerImage - Amphora Controller Container Image + URL + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: octavia + description: |- + DatabaseAccount - name of MariaDBAccount which will be used to connect + for the main octavia database + type: string + databaseHostname: + description: DatabaseHostname - Octavia DB hostname + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + lbMgmtNetworkID: + default: "" + type: string + lbSecurityGroupID: + default: "" + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + octaviaProviderSubnetCIDR: + description: OctaviaProviderSubnetCIDR - + type: string + octaviaProviderSubnetExtraCIDRs: + description: OctaviaProviderSubnetExtraCIDRs - + items: + type: string + type: array + octaviaProviderSubnetGateway: + description: OctaviaProviderSubnetGateway - + type: string + passwordSelectors: + default: + service: OctaviaPassword + description: PasswordSelectors - Selectors to identify the AdminUser + password from the Secret + properties: + database: + default: OctaviaDatabasePassword + description: |- + Database - Selector to get the octavia Database user password from the Secret + TODO: not used, need change in mariadb-operator + type: string + service: + default: OctaviaPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + description: |- + PersistenceDatabaseAccount - name of MariaDBAccount which will be used + to connect for the persistence database + type: string + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + role: + description: Role - the role for the controller (one of worker, + housekeeping, healthmanager) + type: string + secret: + description: Secret containing OpenStack password information + for octavia OctaviaDatabasePassword, AdminPassword + type: string + serviceAccount: + description: ServiceAccount - service account name used internally + to provide Octavia services the default SA name + type: string + serviceUser: + default: octavia + description: 'ServiceUser - service user name (TODO: beagles, + do we need this at all)' + type: string + tenantName: + default: service + description: TenantName - the name of the OpenStack tenant that + controls the Octavia resources + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + required: + - databaseInstance + - role + - secret + - serviceAccount + type: object + passwordSelectors: + default: + service: OctaviaPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + database: + default: OctaviaDatabasePassword + description: |- + Database - Selector to get the octavia Database user password from the Secret + TODO: not used, need change in mariadb-operator + type: string + service: + default: OctaviaPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + persistenceDatabaseAccount: + default: octavia-persistence + description: |- + PersistenceDatabaseAccount - name of MariaDBAccount which will be used + to connect for the persistence database + type: string + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Octavia + type: string + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: |- + Secret containing OpenStack password information for octavia's keystone + password; no longer used for database password + type: string + serviceUser: + default: octavia + description: ServiceUser - service user name + type: string + sshPrivkeySecret: + default: octavia-ssh-privkey-secret + description: |- + LoadBalancerSSHPrivKey - The name of the secret that will be used to + store the private key for connecting to amphorae via SSH + type: string + sshPubkey: + default: octavia-ssh-pubkey + description: |- + LoadBalancerSSHPubKey - The name of the ConfigMap containing the + pubilc key for connecting to the amphorae via SSH + type: string + tenantName: + default: service + description: TenantName - the name of the OpenStack tenant that controls + the Octavia resources + type: string + required: + - apacheContainerImage + - databaseInstance + - octaviaAPI + - octaviaNetworkAttachment + - rabbitMqClusterName + - secret + type: object + status: + description: OctaviaStatus defines the observed state of Octavia + properties: + apireadyCount: + description: ReadyCount of octavia API instances + format: int32 + type: integer + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Octavia Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + healthmanagerreadyCount: + description: ReadyCount of octavia HealthManager instances + format: int32 + type: integer + housekeepingreadyCount: + description: ReadyCount of octavia Housekeeping instances + format: int32 + type: integer + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + rsyslogreadyCount: + description: ReadyCount of octavia Rsyslog instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + workerreadyCount: + description: ReadyCount of octavia Worker instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ovn.openstack.org_ovncontrollers.yaml b/bindata/crds/ovn.openstack.org_ovncontrollers.yaml new file mode 100644 index 000000000..5d6f57512 --- /dev/null +++ b/bindata/crds/ovn.openstack.org_ovncontrollers.yaml @@ -0,0 +1,263 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ovncontrollers.ovn.openstack.org +spec: + group: ovn.openstack.org + names: + kind: OVNController + listKind: OVNControllerList + plural: ovncontrollers + singular: ovncontroller + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OVNController is the Schema for the ovncontrollers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OVNControllerSpec defines the desired state of OVNController + properties: + external-ids: + default: {} + description: OVSExternalIDs is a set of configuration options for + OVS external-ids table + properties: + availability-zones: + default: [] + items: + type: string + type: array + enable-chassis-as-gateway: + default: true + type: boolean + ovn-bridge: + default: br-int + type: string + ovn-encap-type: + default: geneve + enum: + - geneve + - vxlan + type: string + system-id: + default: random + type: string + type: object + networkAttachment: + description: |- + NetworkAttachment is a NetworkAttachment resource name to expose the service to the given network. + If specified the IP address of this network is used as the OVNEncapIP. + type: string + nicMappings: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + ovnContainerImage: + description: Image used for the ovn-controller container (will be + set to environmental default if empty) + type: string + ovsContainerImage: + description: Image used for the ovsdb-server and ovs-vswitchd containers + (will be set to environmental default if empty) + type: string + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - ovnContainerImage + - ovsContainerImage + type: object + status: + description: OVNControllerStatus defines the observed state of OVNController + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + desiredNumberScheduled: + description: DesiredNumberScheduled - total number of the nodes which + should be running Daemon + format: int32 + type: integer + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + numberReady: + description: NumberReady of the OVNController instances + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration - the most recent generation observed + for this service. If the observed generation is less than the spec + generation, then the controller has not processed the latest changes. + format: int64 + type: integer + ovsNumberReady: + description: ovsNumberReady of ovs instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ovn.openstack.org_ovndbclusters.yaml b/bindata/crds/ovn.openstack.org_ovndbclusters.yaml new file mode 100644 index 000000000..386865fdb --- /dev/null +++ b/bindata/crds/ovn.openstack.org_ovndbclusters.yaml @@ -0,0 +1,417 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ovndbclusters.ovn.openstack.org +spec: + group: ovn.openstack.org + names: + kind: OVNDBCluster + listKind: OVNDBClusterList + plural: ovndbclusters + singular: ovndbcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OVNDBCluster is the Schema for the ovndbclusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OVNDBClusterSpec defines the desired state of OVNDBCluster + properties: + containerImage: + description: ContainerImage - Container Image URL (will be set to + environmental default if empty) + type: string + dbType: + default: NB + description: DBType - NB or SB + pattern: ^NB|SB$ + type: string + electionTimer: + default: 10000 + description: OVN Northbound and Southbound RAFT db election timer + to use on db creation (in milliseconds) + format: int32 + type: integer + inactivityProbe: + default: 60000 + description: Probe interval for the OVSDB session (in milliseconds) + format: int32 + type: integer + logLevel: + default: info + description: LogLevel - Set log level info, dbg, emer etc + type: string + networkAttachment: + description: |- + NetworkAttachment is a NetworkAttachment resource name to expose the service to the given network. + If specified the IP address of this network is used as the dbAddress connection. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + description: Override configuration for the Service created to + serve traffic to the cluster. + properties: + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + type: object + probeIntervalToActive: + default: 60000 + description: Active probe interval from standby to active ovsdb-server + remote + format: int32 + type: integer + replicas: + default: 1 + description: Replicas of OVN DBCluster to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + storageClass: + description: StorageClass + type: string + storageRequest: + description: StorageRequest + type: string + tls: + description: TLS - Parameters related to TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - containerImage + - dbType + - storageRequest + type: object + status: + description: OVNDBClusterStatus defines the observed state of OVNDBCluster + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dbAddress: + description: DBAddress - DB IP address used by external nodes + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + internalDbAddress: + description: InternalDBAddress - DB IP address used by other Pods + in the cluster + type: string + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: ObservedGeneration - the most recent generation observed + for this service. If the observed generation is less than the spec + generation, then the controller has not processed the latest changes. + format: int64 + type: integer + readyCount: + description: ReadyCount of OVN DBCluster instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/ovn.openstack.org_ovnnorthds.yaml b/bindata/crds/ovn.openstack.org_ovnnorthds.yaml new file mode 100644 index 000000000..e1993d60f --- /dev/null +++ b/bindata/crds/ovn.openstack.org_ovnnorthds.yaml @@ -0,0 +1,215 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ovnnorthds.ovn.openstack.org +spec: + group: ovn.openstack.org + names: + kind: OVNNorthd + listKind: OVNNorthdList + plural: ovnnorthds + singular: ovnnorthd + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: OVNNorthd is the Schema for the ovnnorthds API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OVNNorthdSpec defines the desired state of OVNNorthd + properties: + containerImage: + description: ContainerImage - Container Image URL (will be set to + environmental default if empty) + type: string + logLevel: + default: info + description: LogLevel - Set log level info, dbg, emer etc + type: string + nThreads: + default: 1 + description: NThreads sets number of threads used for building logical + flows + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + replicas: + default: 1 + description: Replicas of OVN Northd to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tls: + description: TLS - Parameters related to TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - containerImage + type: object + status: + description: OVNNorthdStatus defines the observed state of OVNNorthd + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration - the most recent generation observed + for this service. If the observed generation is less than the spec + generation, then the controller has not processed the latest changes. + format: int64 + type: integer + readyCount: + description: ReadyCount of OVN Northd instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/placement.openstack.org_placementapis.yaml b/bindata/crds/placement.openstack.org_placementapis.yaml new file mode 100644 index 000000000..8ee36567e --- /dev/null +++ b/bindata/crds/placement.openstack.org_placementapis.yaml @@ -0,0 +1,458 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: placementapis.placement.openstack.org +spec: + group: placement.openstack.org + names: + kind: PlacementAPI + listKind: PlacementAPIList + plural: placementapis + singular: placementapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .spec.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: PlacementAPI is the Schema for the placementapis API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PlacementAPISpec defines the desired state of PlacementAPI + properties: + containerImage: + description: PlacementAPI Container Image URL (will be set to environmental + default if empty) + type: string + customServiceConfig: + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: placement + description: DatabaseAccount - name of MariaDBAccount which will be + used to connect. + type: string + databaseInstance: + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: DefaultConfigOverwrite - interface to overwrite default + config files like policy.yaml. + type: object + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: PlacementPassword + description: PasswordSelectors - Selectors to identify the DB and + ServiceUser password from the Secret + properties: + service: + default: PlacementPassword + description: Service - Selector to get the service user password + from the Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + replicas: + default: 1 + description: Replicas of placement API to run + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + description: |- + Resources - Compute Resources required by this service (Limits/Requests). + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secret: + description: Secret containing OpenStack password information for + placement PlacementPassword + type: string + serviceUser: + default: placement + description: ServiceUser - optional username used for this service + to register in keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - containerImage + - databaseInstance + - secret + type: object + status: + description: PlacementAPIStatus defines the observed state of PlacementAPI + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: Placement Database Hostname + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: ObservedGeneration - the most recent generation observed + for this service. If the observed generation is less than the spec + generation, then the controller has not processed the latest changes. + format: int64 + type: integer + readyCount: + description: ReadyCount of placement API instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/rabbitmq.com_rabbitmqclusters.yaml b/bindata/crds/rabbitmq.com_rabbitmqclusters.yaml new file mode 100644 index 000000000..dc33845c4 --- /dev/null +++ b/bindata/crds/rabbitmq.com_rabbitmqclusters.yaml @@ -0,0 +1,5065 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: rabbitmq-cluster-operator + app.kubernetes.io/part-of: rabbitmq + servicebinding.io/provisioned-service: "true" + name: rabbitmqclusters.rabbitmq.com +spec: + group: rabbitmq.com + names: + categories: + - all + - rabbitmq + kind: RabbitmqCluster + listKind: RabbitmqClusterList + plural: rabbitmqclusters + shortNames: + - rmq + singular: rabbitmqcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type == 'AllReplicasReady')].status + name: AllReplicasReady + type: string + - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status + name: ReconcileSuccess + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + RabbitmqCluster is the Schema for the RabbitmqCluster API. Each instance of this object + corresponds to a single RabbitMQ cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the desired state of the RabbitmqCluster Custom Resource. + properties: + affinity: + description: Affinity scheduling rules to be applied on created Pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + delayStartSeconds: + default: 30 + description: |- + DelayStartSeconds is the time the init container (`setup-container`) will sleep before terminating. + This effectively delays the time between starting the Pod and starting the `rabbitmq` container. + RabbitMQ relies on up-to-date DNS entries early during peer discovery. + The purpose of this artificial delay is to ensure that DNS entries are up-to-date when booting RabbitMQ. + For more information, see https://github.com/kubernetes/kubernetes/issues/92559 + If your Kubernetes DNS backend is configured with a low DNS cache value or publishes not ready addresses + promptly, you can decrase this value or set it to 0. + format: int32 + minimum: 0 + type: integer + image: + description: |- + Image is the name of the RabbitMQ docker image to use for RabbitMQ nodes in the RabbitmqCluster. + Must be provided together with ImagePullSecrets in order to use an image in a private registry. + type: string + imagePullSecrets: + description: List of Secret resource containing access credentials + to the registry for the RabbitMQ image. Required if the docker registry + is private. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + override: + properties: + service: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + allocateLoadBalancerNodePorts: + type: boolean + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + type: string + ipFamilies: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + statefulSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + persistentVolumeClaimRetentionPolicy: + properties: + whenDeleted: + type: string + whenScaled: + type: string + type: object + podManagementPolicy: + type: string + replicas: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + serviceName: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + partition: + format: int32 + type: integer + type: object + type: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: array + type: object + type: object + type: object + persistence: + default: + storage: 10Gi + description: The desired persistent storage configuration for each + Pod in the cluster. + properties: + storage: + anyOf: + - type: integer + - type: string + default: 10Gi + description: |- + The requested size of the persistent volume attached to each Pod in the RabbitmqCluster. + The format of this field matches that defined by kubernetes/apimachinery. + See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info on the format of this field. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClassName: + description: The name of the StorageClass to claim a PersistentVolume + from. + type: string + type: object + rabbitmq: + description: Configuration options for RabbitMQ Pods created in the + cluster. + properties: + additionalConfig: + description: |- + Modify to add to the rabbitmq.conf file in addition to default configurations set by the operator. + Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. + For more information on this config, see https://www.rabbitmq.com/configure.html#config-file + maxLength: 2000 + type: string + additionalPlugins: + description: 'List of plugins to enable in addition to essential + plugins: rabbitmq_management, rabbitmq_prometheus, and rabbitmq_peer_discovery_k8s.' + items: + description: A Plugin to enable on the RabbitmqCluster. + maxLength: 100 + pattern: ^\w+$ + type: string + maxItems: 100 + type: array + advancedConfig: + description: |- + Specify any rabbitmq advanced.config configurations to apply to the cluster. + For more information on advanced config, see https://www.rabbitmq.com/configure.html#advanced-config-file + maxLength: 100000 + type: string + envConfig: + description: |- + Modify to add to the rabbitmq-env.conf file. Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime. + For more information on env config, see https://www.rabbitmq.com/man/rabbitmq-env.conf.5.html + maxLength: 100000 + type: string + erlangInetConfig: + description: |- + Erlang Inet configuration to apply to the Erlang VM running rabbit. + See also: https://www.erlang.org/doc/apps/erts/inet_cfg.html + maxLength: 2000 + type: string + type: object + replicas: + default: 1 + description: |- + Replicas is the number of nodes in the RabbitMQ cluster. Each node is deployed as a Replica in a StatefulSet. Only 1, 3, 5 replicas clusters are tested. + This value should be an odd number to ensure the resultant cluster can establish exactly one quorum of nodes + in the event of a fragmenting network partition. + format: int32 + minimum: 0 + type: integer + resources: + default: + limits: + cpu: 2000m + memory: 2Gi + requests: + cpu: 1000m + memory: 2Gi + description: The desired compute resource requirements of Pods in + the cluster. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretBackend: + description: |- + Secret backend configuration for the RabbitmqCluster. + Enables to fetch default user credentials and certificates from K8s external secret stores. + properties: + externalSecret: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + vault: + description: |- + VaultSpec will add Vault annotations (see https://www.vaultproject.io/docs/platform/k8s/injector/annotations) + to RabbitMQ Pods. It requires a Vault Agent Sidecar Injector (https://www.vaultproject.io/docs/platform/k8s/injector) + to be installed in the K8s cluster. The injector is a K8s Mutation Webhook Controller that alters RabbitMQ Pod specifications + (based on the added Vault annotations) to include Vault Agent containers that render Vault secrets to the volume. + properties: + annotations: + additionalProperties: + type: string + description: |- + Vault annotations that override the Vault annotations set by the cluster-operator. + For a list of valid Vault annotations, see https://www.vaultproject.io/docs/platform/k8s/injector/annotations + type: object + defaultUserPath: + description: |- + Path in Vault to access a KV (Key-Value) secret with the fields username and password for the default user. + For example "secret/data/rabbitmq/config". + type: string + defaultUserUpdaterImage: + description: |- + Sidecar container that updates the default user's password in RabbitMQ when it changes in Vault. + Additionally, it updates /var/lib/rabbitmq/.rabbitmqadmin.conf (used by rabbitmqadmin CLI). + Set to empty string to disable the sidecar container. + type: string + role: + description: |- + Role in Vault. + If vault.defaultUserPath is set, this role must have capability to read the pre-created default user credential in Vault. + If vault.tls is set, this role must have capability to create and update certificates in the Vault PKI engine for the domains + "" and ".svc". + type: string + tls: + properties: + altNames: + description: |- + Specifies the requested Subject Alternative Names (SANs), in a comma-delimited list. + These will be appended to the SANs added by the cluster-operator. + The cluster-operator will add SANs: + "-server-.-nodes." for each pod, + e.g. "myrabbit-server-0.myrabbit-nodes.default". + type: string + commonName: + description: |- + Specifies the requested certificate Common Name (CN). + Defaults to ..svc if not provided. + type: string + ipSans: + description: Specifies the requested IP Subject Alternative + Names, in a comma-delimited list. + type: string + pkiIssuerPath: + description: |- + Path in Vault PKI engine. + For example "pki/issue/hashicorp-com". + required + type: string + pkiRootPath: + description: Specifies an optional path to retrieve the + root CA from vault. Useful if certificates are issued + by an intermediate CA + type: string + type: object + type: object + type: object + service: + default: + type: ClusterIP + description: The desired state of the Kubernetes Service to create + for the cluster. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to add to the Service. + type: object + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by a Service + See also: https://pkg.go.dev/k8s.io/api/core/v1#IPFamilyPolicy + enum: + - SingleStack + - PreferDualStack + - RequireDualStack + type: string + type: + default: ClusterIP + description: |- + Type of Service to create for the cluster. Must be one of: ClusterIP, LoadBalancer, NodePort. + For more info see https://pkg.go.dev/k8s.io/api/core/v1#ServiceType + enum: + - ClusterIP + - LoadBalancer + - NodePort + type: string + type: object + skipPostDeploySteps: + description: |- + If unset, or set to false, the cluster will run `rabbitmq-queues rebalance all` whenever the cluster is updated. + Set to true to prevent the operator rebalancing queue leaders after a cluster update. + Has no effect if the cluster only consists of one node. + For more information, see https://www.rabbitmq.com/rabbitmq-queues.8.html#rebalance + type: boolean + terminationGracePeriodSeconds: + default: 604800 + description: |- + TerminationGracePeriodSeconds is the timeout that each rabbitmqcluster pod will have to terminate gracefully. + It defaults to 604800 seconds ( a week long) to ensure that the container preStop lifecycle hook can finish running. + For more information, see: https://github.com/rabbitmq/cluster-operator/blob/main/docs/design/20200520-graceful-pod-termination.md + format: int64 + minimum: 0 + type: integer + tls: + description: TLS-related configuration for the RabbitMQ cluster. + properties: + caSecretName: + description: |- + Name of a Secret in the same Namespace as the RabbitmqCluster, containing the Certificate Authority's public certificate for TLS. + The Secret must store this as ca.crt. + This Secret can be created by running `kubectl create secret generic ca-secret --from-file=ca.crt=path/to/ca.cert` + Used for mTLS, and TLS for rabbitmq_web_stomp and rabbitmq_web_mqtt. + type: string + disableNonTLSListeners: + description: |- + When set to true, the RabbitmqCluster disables non-TLS listeners for RabbitMQ, management plugin and for any enabled plugins in the following list: stomp, mqtt, web_stomp, web_mqtt. + Only TLS-enabled clients will be able to connect. + type: boolean + secretName: + description: |- + Name of a Secret in the same Namespace as the RabbitmqCluster, containing the server's private key & public certificate for TLS. + The Secret must store these as tls.key and tls.crt, respectively. + This Secret can be created by running `kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key` + type: string + type: object + tolerations: + description: Tolerations is the list of Toleration resources attached + to each Pod in the RabbitmqCluster. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + status: + description: Status presents the observed state of RabbitmqCluster + properties: + binding: + description: |- + Binding exposes a secret containing the binding information for this + RabbitmqCluster. It implements the service binding Provisioned Service + duck type. See: https://github.com/servicebinding/spec#provisioned-service + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Set of Conditions describing the current state of the + RabbitmqCluster + items: + properties: + lastTransitionTime: + description: The last time this Condition type changed. + format: date-time + type: string + message: + description: Full text reason for current status of the condition. + type: string + reason: + description: One word, camel-case reason for current status + of the condition. + type: string + status: + description: True, False, or Unknown + type: string + type: + description: Type indicates the scope of RabbitmqCluster status + addressed by the condition. + type: string + required: + - status + - type + type: object + type: array + defaultUser: + description: Identifying information on internal resources + properties: + secretReference: + description: |- + Reference to the Kubernetes Secret containing the credentials of the default + user. + properties: + keys: + additionalProperties: + type: string + description: Key-value pairs in the Secret corresponding to + `username`, `password`, `host`, and `port` + type: object + name: + description: Name of the Secret containing the default user + credentials + type: string + namespace: + description: Namespace of the Secret containing the default + user credentials + type: string + required: + - keys + - name + - namespace + type: object + serviceReference: + description: Reference to the Kubernetes Service serving the cluster. + properties: + name: + description: Name of the Service serving the cluster + type: string + namespace: + description: Namespace of the Service serving the cluster + type: string + required: + - name + - namespace + type: object + type: object + observedGeneration: + description: |- + observedGeneration is the most recent successful generation observed for this RabbitmqCluster. It corresponds to the + RabbitmqCluster's generation, which is updated on mutation by the API Server. + format: int64 + type: integer + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/rabbitmq.openstack.org_transporturls.yaml b/bindata/crds/rabbitmq.openstack.org_transporturls.yaml new file mode 100644 index 000000000..0ea2391fb --- /dev/null +++ b/bindata/crds/rabbitmq.openstack.org_transporturls.yaml @@ -0,0 +1,126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: transporturls.rabbitmq.openstack.org +spec: + group: rabbitmq.openstack.org + names: + kind: TransportURL + listKind: TransportURLList + plural: transporturls + singular: transporturl + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: TransportURL is the Schema for the transporturls API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TransportURLSpec defines the desired state of TransportURL + properties: + rabbitmqClusterName: + description: RabbitmqClusterName the name of the Rabbitmq cluster + which to configure the transport URL + type: string + required: + - rabbitmqClusterName + type: object + status: + description: TransportURLStatus defines the observed state of TransportURL + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + secretName: + description: SecretName - name of the secret containing the rabbitmq + transport URL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/redis.openstack.org_redises.yaml b/bindata/crds/redis.openstack.org_redises.yaml new file mode 100644 index 000000000..1f1030fe0 --- /dev/null +++ b/bindata/crds/redis.openstack.org_redises.yaml @@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: redises.redis.openstack.org +spec: + group: redis.openstack.org + names: + kind: Redis + listKind: RedisList + plural: redises + singular: redis + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Redis is the Schema for the redises API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RedisSpec defines the desired state of Redis + properties: + containerImage: + description: Name of the redis container image to run (will be set + to environmental default if empty) + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + replicas: + default: 1 + description: Size of the redis cluster + format: int32 + type: integer + tls: + description: TLS settings for Redis service and internal Redis replication + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - containerImage + type: object + status: + description: RedisStatus defines the observed state of Redis + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track input changes + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the opentack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/swift.openstack.org_swiftproxies.yaml b/bindata/crds/swift.openstack.org_swiftproxies.yaml new file mode 100644 index 000000000..cdedf2144 --- /dev/null +++ b/bindata/crds/swift.openstack.org_swiftproxies.yaml @@ -0,0 +1,402 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: swiftproxies.swift.openstack.org +spec: + group: swift.openstack.org + names: + kind: SwiftProxy + listKind: SwiftProxyList + plural: swiftproxies + singular: swiftproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SwiftProxy is the Schema for the swiftproxies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SwiftProxySpec defines the desired state of SwiftProxy + properties: + ceilometerEnabled: + default: false + description: Enables ceilometer in the swift proxy and creates required + resources + type: boolean + containerImageProxy: + description: Swift Proxy Container Image URL + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + DefaultConfigOverwrite - can be used to add additionalfiles. Those get + added to the service config dir in /etc/-conf.d + type: object + encryptionEnabled: + default: false + description: Encrypts new objects at rest + type: boolean + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: SwiftPassword + description: PasswordSelector - Selector to choose the Swift user + password from the Secret + properties: + service: + default: SwiftPassword + description: Service - Selector to get the Swift service password + from the Secret + type: string + type: object + rabbitMqClusterName: + default: rabbitmq + description: RabbitMQ instance name to request a transportURL for + Ceilometer middleware + type: string + replicas: + default: 1 + description: Replicas of Swift Proxy + format: int32 + minimum: 0 + type: integer + secret: + default: osp-secret + description: Secret containing OpenStack password information for + Swift service user password + type: string + serviceUser: + default: swift + description: ServiceUser - optional username used for this service + to register in Swift + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - containerImageProxy + - memcachedInstance + - rabbitMqClusterName + - replicas + - secret + - serviceUser + type: object + status: + description: SwiftProxyStatus defines the observed state of SwiftProxy + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of SwiftProxy instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/swift.openstack.org_swiftrings.yaml b/bindata/crds/swift.openstack.org_swiftrings.yaml new file mode 100644 index 000000000..f995c2bd8 --- /dev/null +++ b/bindata/crds/swift.openstack.org_swiftrings.yaml @@ -0,0 +1,162 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: swiftrings.swift.openstack.org +spec: + group: swift.openstack.org + names: + kind: SwiftRing + listKind: SwiftRingList + plural: swiftrings + singular: swiftring + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SwiftRing is the Schema for the swiftrings API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SwiftRingSpec defines the desired state of SwiftRing + properties: + containerImage: + description: Image URL for Swift proxy service + type: string + minPartHours: + default: 1 + description: Minimum number of hours to restrict moving a partition + more than once + format: int64 + minimum: 1 + type: integer + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + partPower: + default: 10 + description: Partition power of the Swift rings + format: int64 + minimum: 1 + type: integer + ringReplicas: + default: 1 + description: Number of Swift data replicas (=copies) + format: int64 + minimum: 1 + type: integer + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object + required: + - containerImage + - minPartHours + - partPower + - ringReplicas + type: object + status: + description: SwiftRingStatus defines the observed state of SwiftRing + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/swift.openstack.org_swifts.yaml b/bindata/crds/swift.openstack.org_swifts.yaml new file mode 100644 index 000000000..f93e837ae --- /dev/null +++ b/bindata/crds/swift.openstack.org_swifts.yaml @@ -0,0 +1,528 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: swifts.swift.openstack.org +spec: + group: swift.openstack.org + names: + kind: Swift + listKind: SwiftList + plural: swifts + singular: swift + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Swift is the Schema for the swifts API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SwiftSpec defines the desired state of Swift + properties: + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + storageClass: + default: "" + description: |- + Storage class. This is passed to SwiftStorage unless + storageClass is explicitly set for the SwiftStorage. + type: string + swiftProxy: + description: SwiftProxy - Spec definition for the Proxy service of + this Swift deployment + properties: + ceilometerEnabled: + default: false + description: Enables ceilometer in the swift proxy and creates + required resources + type: boolean + containerImageProxy: + description: Swift Proxy Container Image URL + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + DefaultConfigOverwrite - can be used to add additionalfiles. Those get + added to the service config dir in /etc/-conf.d + type: object + encryptionEnabled: + default: false + description: Encrypts new objects at rest + type: boolean + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelectors: + default: + service: SwiftPassword + description: PasswordSelector - Selector to choose the Swift user + password from the Secret + properties: + service: + default: SwiftPassword + description: Service - Selector to get the Swift service password + from the Secret + type: string + type: object + rabbitMqClusterName: + default: rabbitmq + description: RabbitMQ instance name to request a transportURL + for Ceilometer middleware + type: string + replicas: + default: 1 + description: Replicas of Swift Proxy + format: int32 + minimum: 0 + type: integer + secret: + default: osp-secret + description: Secret containing OpenStack password information + for Swift service user password + type: string + serviceUser: + default: swift + description: ServiceUser - optional username used for this service + to register in Swift + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + required: + - containerImageProxy + - memcachedInstance + - rabbitMqClusterName + - replicas + - secret + - serviceUser + type: object + swiftRing: + description: SwiftRing - Spec definition for the Ring service of this + Swift deployment + properties: + containerImage: + description: Image URL for Swift proxy service + type: string + minPartHours: + default: 1 + description: Minimum number of hours to restrict moving a partition + more than once + format: int64 + minimum: 1 + type: integer + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + partPower: + default: 10 + description: Partition power of the Swift rings + format: int64 + minimum: 1 + type: integer + ringReplicas: + default: 1 + description: Number of Swift data replicas (=copies) + format: int64 + minimum: 1 + type: integer + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + required: + - containerImage + - minPartHours + - partPower + - ringReplicas + type: object + swiftStorage: + description: SwiftStorage - Spec definition for the Storage service + of this Swift deployment + properties: + containerImageAccount: + description: Image URL for Swift account service + type: string + containerImageContainer: + description: Image URL for Swift container service + type: string + containerImageObject: + description: Image URL for Swift object service + type: string + containerImageProxy: + description: Image URL for Swift proxy service + type: string + containerSharderEnabled: + default: false + description: If the container sharder daemon is enabled. + type: boolean + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + DefaultConfigOverwrite - can be used to add additionalfiles. Those get + added to the service config dir in /etc/-conf.d + type: object + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment + resource names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + storageClass: + default: "" + description: Name of StorageClass to use for Swift PVs + type: string + storageRequest: + default: 10Gi + description: Minimum size for Swift PVs + type: string + required: + - containerImageAccount + - containerImageContainer + - containerImageObject + - containerImageProxy + - memcachedInstance + - replicas + - storageClass + - storageRequest + type: object + required: + - memcachedInstance + - storageClass + - swiftProxy + - swiftRing + - swiftStorage + type: object + status: + description: SwiftStatus defines the observed state of Swift + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/swift.openstack.org_swiftstorages.yaml b/bindata/crds/swift.openstack.org_swiftstorages.yaml new file mode 100644 index 000000000..ca4fabad2 --- /dev/null +++ b/bindata/crds/swift.openstack.org_swiftstorages.yaml @@ -0,0 +1,197 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: swiftstorages.swift.openstack.org +spec: + group: swift.openstack.org + names: + kind: SwiftStorage + listKind: SwiftStorageList + plural: swiftstorages + singular: swiftstorage + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: NetworkAttachments + jsonPath: .status.networkAttachments + name: NetworkAttachments + type: string + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SwiftStorage is the Schema for the swiftstorages API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SwiftStorageSpec defines the desired state of SwiftStorage + properties: + containerImageAccount: + description: Image URL for Swift account service + type: string + containerImageContainer: + description: Image URL for Swift container service + type: string + containerImageObject: + description: Image URL for Swift object service + type: string + containerImageProxy: + description: Image URL for Swift proxy service + type: string + containerSharderEnabled: + default: false + description: If the container sharder daemon is enabled. + type: boolean + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + DefaultConfigOverwrite - can be used to add additionalfiles. Those get + added to the service config dir in /etc/-conf.d + type: object + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachments: + description: NetworkAttachments is a list of NetworkAttachment resource + names to expose the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + storageClass: + default: "" + description: Name of StorageClass to use for Swift PVs + type: string + storageRequest: + default: 10Gi + description: Minimum size for Swift PVs + type: string + required: + - containerImageAccount + - containerImageContainer + - containerImageObject + - containerImageProxy + - memcachedInstance + - replicas + - storageClass + - storageRequest + type: object + status: + description: SwiftStorageStatus defines the observed state of SwiftStorage + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of SwiftStorage instances + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/telemetry.openstack.org_autoscalings.yaml b/bindata/crds/telemetry.openstack.org_autoscalings.yaml new file mode 100644 index 000000000..78802f48e --- /dev/null +++ b/bindata/crds/telemetry.openstack.org_autoscalings.yaml @@ -0,0 +1,495 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: autoscalings.telemetry.openstack.org +spec: + group: telemetry.openstack.org + names: + kind: Autoscaling + listKind: AutoscalingList + plural: autoscalings + singular: autoscaling + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Autoscaling is the Schema for the autoscalings API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AutoscalingSpec defines the desired state of Autoscaling + properties: + aodh: + default: + apiImage: "" + databaseAccount: aodh + databaseInstance: openstack + evaluatorImage: "" + listenerImage: "" + memcachedInstance: memcached + notifierImage: "" + passwordSelector: + aodhService: AodhPassword + rabbitMqClusterName: rabbitmq + secret: osp-secret + serviceUser: aodh + description: Aodh spec + properties: + apiImage: + type: string + apiTimeout: + default: 60 + description: APITimeout for Route and Apache + type: integer + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: aodh + description: DatabaseAccount - optional MariaDBAccount CR name + used for aodh DB, defaults to aodh + type: string + databaseInstance: + default: openstack + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + evaluatorImage: + type: string + listenerImage: + type: string + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachmentDefinitions: + description: NetworkAttachmentDefinitions list of network attachment + definitions the service pod gets attached to + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + notifierImage: + type: string + override: + description: Override, provides the ability to override the generated + manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the + configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelector: + default: + aodhService: AodhPassword + description: PasswordSelectors - Selectors to identify the service + from the Secret + properties: + aodhService: + default: AodhPassword + description: AodhService - Selector to get the aodh service + password from the Secret + type: string + ceilometerService: + default: CeilometerPassword + description: CeilometerService - Selector to get the ceilometer + service password from the Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they finished + e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Aodh + type: string + secret: + default: osp-secret + description: Secret containing OpenStack password information + for aodh + type: string + serviceUser: + default: aodh + description: ServiceUser - optional username used for this service + to register in keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object + required: + - apiImage + - databaseInstance + - evaluatorImage + - listenerImage + - notifierImage + - secret + type: object + heatInstance: + default: heat + description: Heat instance name. + type: string + prometheusHost: + description: Host of user deployed prometheus + type: string + prometheusPort: + description: Port of user deployed prometheus + format: int32 + maximum: 65535 + minimum: 1 + type: integer + prometheusTLSCaCertSecret: + description: If defined, specifies which CA certificate to use for + user deployed prometheus + nullable: true + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - heatInstance + type: object + status: + description: AutoscalingStatus defines the observed state of Autoscaling + properties: + apiEndpoint: + additionalProperties: + type: string + description: API endpoint + type: object + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + databaseHostname: + description: DatabaseHostname - Hostname for the database + type: string + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networks: + description: Networks in addtion to the cluster network, the service + is attached to + items: + type: string + type: array + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + prometheusHostname: + description: PrometheusHost - Hostname for prometheus used for autoscaling + type: string + prometheusPort: + description: PrometheusPort - Port for prometheus used for autoscaling + format: int32 + type: integer + prometheusTLS: + description: PrometheusTLS - Determines if TLS should be used for + accessing prometheus + type: boolean + readyCount: + description: ReadyCount of autoscaling instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/telemetry.openstack.org_ceilometers.yaml b/bindata/crds/telemetry.openstack.org_ceilometers.yaml new file mode 100644 index 000000000..1e00939dd --- /dev/null +++ b/bindata/crds/telemetry.openstack.org_ceilometers.yaml @@ -0,0 +1,345 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ceilometers.telemetry.openstack.org +spec: + group: telemetry.openstack.org + names: + kind: Ceilometer + listKind: CeilometerList + plural: ceilometers + singular: ceilometer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Ceilometer is the Schema for the ceilometers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + ksmStatus: + description: KSMStatus defines the observed state of kube-state-metrics + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of ksm instances + format: int32 + type: integer + type: object + metadata: + type: object + spec: + description: CeilometerSpec defines the desired state of Ceilometer + properties: + apiTimeout: + default: 60 + description: APITimeout for Apache + type: integer + centralImage: + type: string + computeImage: + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + ipmiImage: + type: string + ksmImage: + type: string + ksmTls: + description: KSMTLS - Parameters related to the TLS for kube-state-metrics + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + mysqldExporterDatabaseAccountPrefix: + default: mysqld-exporter + description: |- + MysqldExporterDatabaseAccountPrefix - Database account prefix for the mysqld-exporter. + A mariadbaccount CR named "-" for each + galera instance needs to be either created by the user or if it's missing, it'll be + created by the telemetry-operator automatically. + type: string + mysqldExporterEnabled: + description: Whether mysqld_exporter should be deployed + type: boolean + mysqldExporterImage: + type: string + mysqldExporterTLS: + description: MysqldExporterTLS - Parameters related to the TLS for + mysqld_exporter + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + networkAttachmentDefinitions: + description: NetworkAttachmentDefinitions list of network attachment + definitions the service pod gets attached to + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + notificationImage: + type: string + passwordSelector: + default: + ceilometerService: CeilometerPassword + description: PasswordSelectors - Selectors to identify the service + from the Secret + properties: + aodhService: + default: AodhPassword + description: AodhService - Selector to get the aodh service password + from the Secret + type: string + ceilometerService: + default: CeilometerPassword + description: CeilometerService - Selector to get the ceilometer + service password from the Secret + type: string + type: object + proxyImage: + type: string + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Telemetry + type: string + secret: + default: osp-secret + description: Secret containing OpenStack password information for + ceilometer + type: string + serviceUser: + default: ceilometer + description: ServiceUser - optional username used for this service + to register in keystone + type: string + sgCoreImage: + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - centralImage + - computeImage + - ipmiImage + - notificationImage + - proxyImage + - secret + - sgCoreImage + type: object + status: + description: CeilometerStatus defines the observed state of Ceilometer + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + mysqldExporterExportedGaleras: + description: List of galera CRs, which are being exported with mysqld_exporter + items: + type: string + type: array + x-kubernetes-list-type: atomic + mysqldExporterHash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + mysqldExporterReadyCount: + description: ReadyCount of mysqld_exporter instances + format: int32 + type: integer + networks: + description: Networks in addtion to the cluster network, the service + is attached to + items: + type: string + type: array + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + readyCount: + description: ReadyCount of ceilometer instances + format: int32 + type: integer + transportURLSecret: + description: TransportURLSecret - Secret containing RabbitMQ transportURL + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/telemetry.openstack.org_loggings.yaml b/bindata/crds/telemetry.openstack.org_loggings.yaml new file mode 100644 index 000000000..36069e134 --- /dev/null +++ b/bindata/crds/telemetry.openstack.org_loggings.yaml @@ -0,0 +1,164 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: loggings.telemetry.openstack.org +spec: + group: telemetry.openstack.org + names: + categories: + - logging + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Logging is the Schema for the loggings API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LoggingSpec defines the desired state of Logging + properties: + annotations: + additionalProperties: + type: string + default: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + description: Annotations is a way to configure certain LoadBalancers, + like MetalLB + type: object + cloNamespace: + default: openshift-logging + description: CLONamespace points to the namespace where the cluster-logging-operator + is deployed + type: string + port: + default: 10514 + description: Port is the port where the service will listen on + format: int32 + type: integer + rsyslogQueueSize: + default: 10000 + description: The size of the local queue of logs + format: int32 + type: integer + rsyslogQueueType: + default: linkedList + description: The type of the local queue of logs + type: string + rsyslogRetries: + default: 100 + description: The number of retries rsyslog will attempt before abandoning + format: int32 + type: integer + targetPort: + default: 10514 + description: TargetPort is the port where the logging syslog receiver + is listening + type: integer + required: + - rsyslogQueueType + type: object + status: + description: LoggingStatus defines the observed state of Logging + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/telemetry.openstack.org_metricstorages.yaml b/bindata/crds/telemetry.openstack.org_metricstorages.yaml new file mode 100644 index 000000000..38ce4eb8b --- /dev/null +++ b/bindata/crds/telemetry.openstack.org_metricstorages.yaml @@ -0,0 +1,1381 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: metricstorages.telemetry.openstack.org +spec: + group: telemetry.openstack.org + names: + kind: MetricStorage + listKind: MetricStorageList + plural: metricstorages + singular: metricstorage + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: MetricStorage is the Schema for the metricstorages API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MetricStorageSpec defines the desired state of MetricStorage + properties: + customMonitoringStack: + description: |- + CustomMonitoringStack allows to deploy a custom monitoring + stack when the options in "MonitoringStack" aren't + enough + nullable: true + properties: + alertmanagerConfig: + default: + disabled: false + description: Define Alertmanager config + properties: + disabled: + default: false + description: Disables the deployment of Alertmanager. + type: boolean + type: object + logLevel: + default: info + description: Loglevel set log levels of configured components + enum: + - debug + - info + - warn + - error + type: string + namespaceSelector: + description: |- + Namespace selector for Monitoring Stack Resources. + To monitor everything, set to empty map selector. E.g. namespaceSelector: {}. + To monitor resources in the namespace where Monitoring Stack was created in, set to null. E.g. namespaceSelector:. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + prometheusConfig: + default: + replicas: 2 + description: Define prometheus config + properties: + enableOtlpHttpReceiver: + description: |- + Enable Prometheus to accept OpenTelemetry Metrics via the otlp/http protocol. + Defaults to the value of `false`. + The resulting endpoint is /api/v1/otlp/v1/metrics. + type: boolean + enableRemoteWriteReceiver: + description: Enable Prometheus to be used as a receiver for + the Prometheus remote write protocol. Defaults to the value + of `false`. + type: boolean + externalLabels: + additionalProperties: + type: string + description: Define ExternalLabels for prometheus + type: object + persistentVolumeClaim: + description: Define persistent volume claim for prometheus + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + remoteWrite: + description: Define remote write for prometheus + items: + description: |- + RemoteWriteSpec defines the configuration to write samples from Prometheus + to a remote endpoint. + properties: + authorization: + description: |- + Authorization section for the URL. + + + It requires Prometheus >= v2.26.0. + + + Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File to read a secret from, mutually + exclusive with `credentials`. + type: string + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + + "Basic" is not a supported value. + + + Default: "Bearer" + type: string + type: object + azureAd: + description: |- + AzureAD for the URL. + + + It requires Prometheus >= v2.45.0. + + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. + properties: + cloud: + description: The Azure Cloud. Options are 'AzurePublic', + 'AzureChina', or 'AzureGovernment'. + enum: + - AzureChina + - AzureGovernment + - AzurePublic + type: string + managedIdentity: + description: |- + ManagedIdentity defines the Azure User-assigned Managed identity. + Cannot be set at the same time as `oauth`. + properties: + clientId: + description: The client id + type: string + required: + - clientId + type: object + oauth: + description: |- + OAuth defines the oauth config that is being used to authenticate. + Cannot be set at the same time as `managedIdentity`. + + + It requires Prometheus >= v2.48.0. + properties: + clientId: + description: '`clientID` is the clientId of + the Azure Active Directory application that + is being used to authenticate.' + minLength: 1 + type: string + clientSecret: + description: '`clientSecret` specifies a key + of a Secret containing the client secret of + the Azure Active Directory application that + is being used to authenticate.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tenantId: + description: '`tenantID` is the tenant ID of + the Azure Active Directory application that + is being used to authenticate.' + minLength: 1 + pattern: ^[0-9a-zA-Z-.]+$ + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + type: object + basicAuth: + description: |- + BasicAuth configuration for the URL. + + + Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + + + Deprecated: this will be removed in a future release. + type: string + bearerTokenFile: + description: |- + File from which to read bearer token for the URL. + + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + headers: + additionalProperties: + type: string + description: |- + Custom HTTP headers to be sent along with each remote write request. + Be aware that headers that are set by Prometheus itself can't be overwritten. + + + It requires Prometheus >= v2.25.0. + type: object + metadataConfig: + description: MetadataConfig configures the sending of + series metadata to the remote storage. + properties: + send: + description: Defines whether metric metadata is + sent to the remote storage or not. + type: boolean + sendInterval: + description: Defines how frequently metric metadata + is sent to the remote storage. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + name: + description: |- + The name of the remote write queue, it must be unique if specified. The + name is used in metrics and logging in order to differentiate queues. + + + It requires Prometheus >= v2.15.0. + type: string + oauth2: + description: |- + OAuth2 configuration for the URL. + + + It requires Prometheus >= v2.27.0. + + + Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to fetch + the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: + description: Optional ProxyURL. + type: string + queueConfig: + description: QueueConfig allows tuning of the remote + write queue parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time + a sample will wait in buffer. + type: string + capacity: + description: |- + Capacity is the number of samples to buffer per shard before we start + dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of + times to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number + of samples per send. + type: integer + maxShards: + description: MaxShards is the maximum number of + shards, i.e. amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. + Gets doubled for every retry. + type: string + minShards: + description: MinShards is the minimum number of + shards, i.e. amount of concurrency. + type: integer + retryOnRateLimit: + description: |- + Retry upon receiving a 429 status code from the remote-write storage. + This is experimental feature and might change in the future. + type: boolean + type: object + remoteTimeout: + description: Timeout for requests to the remote write + endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + sendExemplars: + description: |- + Enables sending of exemplars over remote write. Note that + exemplar-storage itself must be enabled using the `spec.enableFeature` + option for exemplars to be scraped in the first place. + + + It requires Prometheus >= v2.27.0. + type: boolean + sendNativeHistograms: + description: |- + Enables sending of native histograms, also known as sparse histograms + over remote write. + + + It requires Prometheus >= v2.40.0. + type: boolean + sigv4: + description: |- + Sigv4 allows to configures AWS's Signature Verification 4 for the URL. + + + It requires Prometheus >= v2.26.0. + + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + accessKey: + description: |- + AccessKey is the AWS API key. If not specified, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used + to authenticate. + type: string + region: + description: Region is the AWS region. If blank, + the region from the default credentials chain + used. + type: string + roleArn: + description: RoleArn is the named AWS profile used + to authenticate. + type: string + secretKey: + description: |- + SecretKey is the AWS API secret. If not specified, the environment + variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: TLS Config to use for the URL. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus + container to use for the targets. + type: string + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the + Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the + Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples + to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which + the extracted value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicas: + default: 2 + description: Number of replicas/pods to deploy for a Prometheus + deployment. + format: int32 + minimum: 0 + type: integer + scrapeInterval: + description: Default interval between scrapes. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + resourceSelector: + description: |- + Label selector for Monitoring Stack Resources. + To monitor everything, set to empty map selector. E.g. resourceSelector: {}. + To disable service discovery, set to null. E.g. resourceSelector:. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + default: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + description: Define resources requests and limits for Monitoring + Stack Pods. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + retention: + default: 120h + description: |- + Time duration to retain data for. Default is '120h', + and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + dashboardsEnabled: + default: false + description: DashboardsEnabled allows to enable or disable dashboards + and related artifacts + type: boolean + dataplaneNetwork: + default: ctlplane + description: DataplaneNetwork defines the network that will be used + to scrape dataplane node_exporter endpoints + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + monitoringStack: + description: |- + MonitoringStack allows to define a metric storage with + options supported by Red Hat + nullable: true + properties: + alertingEnabled: + default: true + description: AlertingEnabled allows to enable or disable alertmanager + type: boolean + scrapeInterval: + default: 30s + description: ScrapeInterval sets the interval between scrapes + type: string + storage: + default: + persistent: + pvcStorageRequest: 20G + retention: 24h + strategy: persistent + description: Storage allows to define options for how to store + metrics + properties: + persistent: + description: |- + Used to specify the options of persistent storage when + strategy = "persistent" + properties: + pvcStorageClass: + description: PvcStorageClass The storage class to use + for storing metrics + type: string + pvcStorageRequest: + default: 20G + description: PvcStorageRequest The amount of storage to + request in PVC + type: string + pvcStorageSelector: + description: PvcStorageSelector The Label selector to + specify in PVCs + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + retention: + default: 24h + description: Retention time for metrics + type: string + strategy: + default: persistent + description: |- + Strategy to use for storage. Can be "persistent", "ephemeral" + or empty, in which case a COO default is used + enum: + - persistent + - ephemeral + type: string + type: object + type: object + prometheusTls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + type: object + status: + description: MetricStorageStatus defines the observed state of MetricStorage + properties: + conditions: + description: Conditions provide observations of the operational state + of a API resource. + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + prometheusTLSPatched: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/telemetry.openstack.org_telemetries.yaml b/bindata/crds/telemetry.openstack.org_telemetries.yaml new file mode 100644 index 000000000..4246178d7 --- /dev/null +++ b/bindata/crds/telemetry.openstack.org_telemetries.yaml @@ -0,0 +1,1955 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: telemetries.telemetry.openstack.org +spec: + group: telemetry.openstack.org + names: + kind: Telemetry + listKind: TelemetryList + plural: telemetries + singular: telemetry + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Telemetry is the Schema for the telemetry API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TelemetrySpec defines the desired state of Telemetry + properties: + autoscaling: + description: Autoscaling - Parameters related to the autoscaling service + properties: + aodh: + default: + apiImage: "" + databaseAccount: aodh + databaseInstance: openstack + evaluatorImage: "" + listenerImage: "" + memcachedInstance: memcached + notifierImage: "" + passwordSelector: + aodhService: AodhPassword + rabbitMqClusterName: rabbitmq + secret: osp-secret + serviceUser: aodh + description: Aodh spec + properties: + apiImage: + type: string + apiTimeout: + default: 60 + description: APITimeout for Route and Apache + type: integer + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + databaseAccount: + default: aodh + description: DatabaseAccount - optional MariaDBAccount CR + name used for aodh DB, defaults to aodh + type: string + databaseInstance: + default: openstack + description: |- + MariaDB instance name + Right now required by the maridb-operator to get the credentials from the instance to create the DB + Might not be required in future + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + evaluatorImage: + type: string + listenerImage: + type: string + memcachedInstance: + default: memcached + description: Memcached instance name. + type: string + networkAttachmentDefinitions: + description: NetworkAttachmentDefinitions list of network + attachment definitions the service pod gets attached to + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes + running this service + type: object + notifierImage: + type: string + override: + description: Override, provides the ability to override the + generated manifest of several child resources. + properties: + service: + additionalProperties: + description: |- + RoutedOverrideSpec - a routed service override configuration for the Service created to serve traffic + to the cluster. Allows for the manifest of the created Service to be overwritten with custom configuration. + properties: + endpointURL: + type: string + metadata: + description: |- + EmbeddedLabelsAnnotations is an embedded subset of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. + Only labels and annotations are included. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: |- + OverrideServiceSpec is a subset of the fields included in https://pkg.go.dev/k8s.io/api@v0.26.6/core/v1#ServiceSpec + Limited to Type, SessionAffinity, LoadBalancerSourceRanges, ExternalName, ExternalTrafficPolicy, SessionAffinityConfig, + IPFamilyPolicy, LoadBalancerClass and InternalTrafficPolicy + properties: + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains + the configurations of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + description: |- + Override configuration for the Service created to serve traffic to the cluster. + The key must be the endpoint type (public, internal) + type: object + type: object + passwordSelector: + default: + aodhService: AodhPassword + description: PasswordSelectors - Selectors to identify the + service from the Secret + properties: + aodhService: + default: AodhPassword + description: AodhService - Selector to get the aodh service + password from the Secret + type: string + ceilometerService: + default: CeilometerPassword + description: CeilometerService - Selector to get the ceilometer + service password from the Secret + type: string + type: object + preserveJobs: + default: false + description: PreserveJobs - do not delete jobs after they + finished e.g. to check logs + type: boolean + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Aodh + type: string + secret: + default: osp-secret + description: Secret containing OpenStack password information + for aodh + type: string + serviceUser: + default: aodh + description: ServiceUser - optional username used for this + service to register in keystone + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key + for the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key + for the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs + in a pre-created bundle file + type: string + type: object + required: + - apiImage + - databaseInstance + - evaluatorImage + - listenerImage + - notifierImage + - secret + type: object + enabled: + default: false + description: Enabled - Whether OpenStack autoscaling service should + be deployed and managed + type: boolean + heatInstance: + default: heat + description: Heat instance name. + type: string + prometheusHost: + description: Host of user deployed prometheus + type: string + prometheusPort: + description: Port of user deployed prometheus + format: int32 + maximum: 65535 + minimum: 1 + type: integer + prometheusTLSCaCertSecret: + description: If defined, specifies which CA certificate to use + for user deployed prometheus + nullable: true + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - heatInstance + type: object + ceilometer: + description: Ceilometer - Parameters related to the ceilometer service + properties: + apiTimeout: + default: 60 + description: APITimeout for Apache + type: integer + centralImage: + type: string + computeImage: + type: string + customServiceConfig: + default: '# add your customization here' + description: |- + CustomServiceConfig - customize the service config using this parameter to change service defaults, + or overwrite rendered information using raw OpenStack config format. The content gets added to + to /etc//.conf.d directory as custom.conf file. + type: string + defaultConfigOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. + But can also be used to add additional files. Those get added to the service config dir in /etc/ . + TODO: -> implement + type: object + enabled: + default: true + description: Enabled - Whether OpenStack Ceilometer service should + be deployed and managed + type: boolean + ipmiImage: + type: string + ksmImage: + type: string + ksmTls: + description: KSMTLS - Parameters related to the TLS for kube-state-metrics + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + mysqldExporterDatabaseAccountPrefix: + default: mysqld-exporter + description: |- + MysqldExporterDatabaseAccountPrefix - Database account prefix for the mysqld-exporter. + A mariadbaccount CR named "-" for each + galera instance needs to be either created by the user or if it's missing, it'll be + created by the telemetry-operator automatically. + type: string + mysqldExporterEnabled: + description: Whether mysqld_exporter should be deployed + type: boolean + mysqldExporterImage: + type: string + mysqldExporterTLS: + description: MysqldExporterTLS - Parameters related to the TLS + for mysqld_exporter + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + networkAttachmentDefinitions: + description: NetworkAttachmentDefinitions list of network attachment + definitions the service pod gets attached to + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + notificationImage: + type: string + passwordSelector: + default: + ceilometerService: CeilometerPassword + description: PasswordSelectors - Selectors to identify the service + from the Secret + properties: + aodhService: + default: AodhPassword + description: AodhService - Selector to get the aodh service + password from the Secret + type: string + ceilometerService: + default: CeilometerPassword + description: CeilometerService - Selector to get the ceilometer + service password from the Secret + type: string + type: object + proxyImage: + type: string + rabbitMqClusterName: + default: rabbitmq + description: |- + RabbitMQ instance name + Needed to request a transportURL that is created and used in Telemetry + type: string + secret: + default: osp-secret + description: Secret containing OpenStack password information + for ceilometer + type: string + serviceUser: + default: ceilometer + description: ServiceUser - optional username used for this service + to register in keystone + type: string + sgCoreImage: + type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + required: + - centralImage + - computeImage + - ipmiImage + - notificationImage + - proxyImage + - secret + - sgCoreImage + type: object + logging: + description: Logging - Parameters related to the logging + properties: + annotations: + additionalProperties: + type: string + default: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + description: Annotations is a way to configure certain LoadBalancers, + like MetalLB + type: object + cloNamespace: + default: openshift-logging + description: CLONamespace points to the namespace where the cluster-logging-operator + is deployed + type: string + enabled: + default: true + description: Enabled - Whether OpenStack logging service should + be deployed and managed + type: boolean + port: + default: 10514 + description: Port is the port where the service will listen on + format: int32 + type: integer + rsyslogQueueSize: + default: 10000 + description: The size of the local queue of logs + format: int32 + type: integer + rsyslogQueueType: + default: linkedList + description: The type of the local queue of logs + type: string + rsyslogRetries: + default: 100 + description: The number of retries rsyslog will attempt before + abandoning + format: int32 + type: integer + targetPort: + default: 10514 + description: TargetPort is the port where the logging syslog receiver + is listening + type: integer + required: + - rsyslogQueueType + type: object + metricStorage: + description: MetricStorage - Parameters related to the metricStorage + properties: + customMonitoringStack: + description: |- + CustomMonitoringStack allows to deploy a custom monitoring + stack when the options in "MonitoringStack" aren't + enough + nullable: true + properties: + alertmanagerConfig: + default: + disabled: false + description: Define Alertmanager config + properties: + disabled: + default: false + description: Disables the deployment of Alertmanager. + type: boolean + type: object + logLevel: + default: info + description: Loglevel set log levels of configured components + enum: + - debug + - info + - warn + - error + type: string + namespaceSelector: + description: |- + Namespace selector for Monitoring Stack Resources. + To monitor everything, set to empty map selector. E.g. namespaceSelector: {}. + To monitor resources in the namespace where Monitoring Stack was created in, set to null. E.g. namespaceSelector:. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + prometheusConfig: + default: + replicas: 2 + description: Define prometheus config + properties: + enableOtlpHttpReceiver: + description: |- + Enable Prometheus to accept OpenTelemetry Metrics via the otlp/http protocol. + Defaults to the value of `false`. + The resulting endpoint is /api/v1/otlp/v1/metrics. + type: boolean + enableRemoteWriteReceiver: + description: Enable Prometheus to be used as a receiver + for the Prometheus remote write protocol. Defaults to + the value of `false`. + type: boolean + externalLabels: + additionalProperties: + type: string + description: Define ExternalLabels for prometheus + type: object + persistentVolumeClaim: + description: Define persistent volume claim for prometheus + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + remoteWrite: + description: Define remote write for prometheus + items: + description: |- + RemoteWriteSpec defines the configuration to write samples from Prometheus + to a remote endpoint. + properties: + authorization: + description: |- + Authorization section for the URL. + + + It requires Prometheus >= v2.26.0. + + + Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File to read a secret from, mutually + exclusive with `credentials`. + type: string + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + + "Basic" is not a supported value. + + + Default: "Bearer" + type: string + type: object + azureAd: + description: |- + AzureAD for the URL. + + + It requires Prometheus >= v2.45.0. + + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`. + properties: + cloud: + description: The Azure Cloud. Options are 'AzurePublic', + 'AzureChina', or 'AzureGovernment'. + enum: + - AzureChina + - AzureGovernment + - AzurePublic + type: string + managedIdentity: + description: |- + ManagedIdentity defines the Azure User-assigned Managed identity. + Cannot be set at the same time as `oauth`. + properties: + clientId: + description: The client id + type: string + required: + - clientId + type: object + oauth: + description: |- + OAuth defines the oauth config that is being used to authenticate. + Cannot be set at the same time as `managedIdentity`. + + + It requires Prometheus >= v2.48.0. + properties: + clientId: + description: '`clientID` is the clientId + of the Azure Active Directory application + that is being used to authenticate.' + minLength: 1 + type: string + clientSecret: + description: '`clientSecret` specifies a + key of a Secret containing the client + secret of the Azure Active Directory application + that is being used to authenticate.' + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tenantId: + description: '`tenantID` is the tenant ID + of the Azure Active Directory application + that is being used to authenticate.' + minLength: 1 + pattern: ^[0-9a-zA-Z-.]+$ + type: string + required: + - clientId + - clientSecret + - tenantId + type: object + type: object + basicAuth: + description: |- + BasicAuth configuration for the URL. + + + Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: |- + *Warning: this field shouldn't be used because the token value appears + in clear-text. Prefer using `authorization`.* + + + Deprecated: this will be removed in a future release. + type: string + bearerTokenFile: + description: |- + File from which to read bearer token for the URL. + + + Deprecated: this will be removed in a future release. Prefer using `authorization`. + type: string + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + headers: + additionalProperties: + type: string + description: |- + Custom HTTP headers to be sent along with each remote write request. + Be aware that headers that are set by Prometheus itself can't be overwritten. + + + It requires Prometheus >= v2.25.0. + type: object + metadataConfig: + description: MetadataConfig configures the sending + of series metadata to the remote storage. + properties: + send: + description: Defines whether metric metadata + is sent to the remote storage or not. + type: boolean + sendInterval: + description: Defines how frequently metric metadata + is sent to the remote storage. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + name: + description: |- + The name of the remote write queue, it must be unique if specified. The + name is used in metrics and logging in order to differentiate queues. + + + It requires Prometheus >= v2.15.0. + type: string + oauth2: + description: |- + OAuth2 configuration for the URL. + + + It requires Prometheus >= v2.27.0. + + + Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL + to fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: + description: Optional ProxyURL. + type: string + queueConfig: + description: QueueConfig allows tuning of the remote + write queue parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum + time a sample will wait in buffer. + type: string + capacity: + description: |- + Capacity is the number of samples to buffer per shard before we start + dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry + delay. + type: string + maxRetries: + description: MaxRetries is the maximum number + of times to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum + number of samples per send. + type: integer + maxShards: + description: MaxShards is the maximum number + of shards, i.e. amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry + delay. Gets doubled for every retry. + type: string + minShards: + description: MinShards is the minimum number + of shards, i.e. amount of concurrency. + type: integer + retryOnRateLimit: + description: |- + Retry upon receiving a 429 status code from the remote-write storage. + This is experimental feature and might change in the future. + type: boolean + type: object + remoteTimeout: + description: Timeout for requests to the remote + write endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + sendExemplars: + description: |- + Enables sending of exemplars over remote write. Note that + exemplar-storage itself must be enabled using the `spec.enableFeature` + option for exemplars to be scraped in the first place. + + + It requires Prometheus >= v2.27.0. + type: boolean + sendNativeHistograms: + description: |- + Enables sending of native histograms, also known as sparse histograms + over remote write. + + + It requires Prometheus >= v2.40.0. + type: boolean + sigv4: + description: |- + Sigv4 allows to configures AWS's Signature Verification 4 for the URL. + + + It requires Prometheus >= v2.26.0. + + + Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`. + properties: + accessKey: + description: |- + AccessKey is the AWS API key. If not specified, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile + used to authenticate. + type: string + region: + description: Region is the AWS region. If blank, + the region from the default credentials chain + used. + type: string + roleArn: + description: RoleArn is the named AWS profile + used to authenticate. + type: string + secretKey: + description: |- + SecretKey is the AWS API secret. If not specified, the environment + variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: TLS Config to use for the URL. + properties: + ca: + description: Certificate authority used when + verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus + container to use for the targets. + type: string + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in + the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in + the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for + the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples + to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. + + + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which + the extracted value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between + concatenated SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicas: + default: 2 + description: Number of replicas/pods to deploy for a Prometheus + deployment. + format: int32 + minimum: 0 + type: integer + scrapeInterval: + description: Default interval between scrapes. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + resourceSelector: + description: |- + Label selector for Monitoring Stack Resources. + To monitor everything, set to empty map selector. E.g. resourceSelector: {}. + To disable service discovery, set to null. E.g. resourceSelector:. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + resources: + default: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + description: Define resources requests and limits for Monitoring + Stack Pods. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + retention: + default: 120h + description: |- + Time duration to retain data for. Default is '120h', + and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object + dashboardsEnabled: + default: false + description: DashboardsEnabled allows to enable or disable dashboards + and related artifacts + type: boolean + dataplaneNetwork: + default: ctlplane + description: DataplaneNetwork defines the network that will be + used to scrape dataplane node_exporter endpoints + pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$ + type: string + enabled: + default: false + description: Enabled - Whether a MetricStorage should be deployed + and managed + type: boolean + monitoringStack: + description: |- + MonitoringStack allows to define a metric storage with + options supported by Red Hat + nullable: true + properties: + alertingEnabled: + default: true + description: AlertingEnabled allows to enable or disable alertmanager + type: boolean + scrapeInterval: + default: 30s + description: ScrapeInterval sets the interval between scrapes + type: string + storage: + default: + persistent: + pvcStorageRequest: 20G + retention: 24h + strategy: persistent + description: Storage allows to define options for how to store + metrics + properties: + persistent: + description: |- + Used to specify the options of persistent storage when + strategy = "persistent" + properties: + pvcStorageClass: + description: PvcStorageClass The storage class to + use for storing metrics + type: string + pvcStorageRequest: + default: 20G + description: PvcStorageRequest The amount of storage + to request in PVC + type: string + pvcStorageSelector: + description: PvcStorageSelector The Label selector + to specify in PVCs + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + retention: + default: 24h + description: Retention time for metrics + type: string + strategy: + default: persistent + description: |- + Strategy to use for storage. Can be "persistent", "ephemeral" + or empty, in which case a COO default is used + enum: + - persistent + - ephemeral + type: string + type: object + type: object + prometheusTls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + secretName: + description: SecretName - holding the cert, key for the service + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to target subset of worker nodes running + this service + type: object + type: object + status: + description: TelemetryStatus defines the observed state of Telemetry + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + observedGeneration: + description: |- + ObservedGeneration - the most recent generation observed for this + service. If the observed generation is less than the spec generation, + then the controller has not processed the latest changes injected by + the openstack-operator in the top-level CR (e.g. the ContainerImage) + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/test.openstack.org_ansibletests.yaml b/bindata/crds/test.openstack.org_ansibletests.yaml new file mode 100644 index 000000000..0ed715780 --- /dev/null +++ b/bindata/crds/test.openstack.org_ansibletests.yaml @@ -0,0 +1,440 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ansibletests.test.openstack.org +spec: + group: test.openstack.org + names: + kind: AnsibleTest + listKind: AnsibleTestList + plural: ansibletests + singular: ansibletest + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AnsibleTestSpec defines the desired state of AnsibleTest + properties: + SELinuxLevel: + default: "" + description: |- + A SELinuxLevel that should be used for test pods spawned by the test + operator. + type: string + ansibleCollections: + default: "" + description: AnsibleCollections - extra ansible collections to instal + in additionn to the ones exist in the requirements.yaml + type: string + ansibleExtraVars: + default: "" + description: AnsibleExtraVars - string to pass parameters to ansible + using + type: string + ansibleGitRepo: + default: "" + description: AnsibleGitRepo - git repo to clone into container + type: string + ansibleInventory: + default: "" + description: AnsibleInventory - string that contains the inventory + file content + type: string + ansiblePlaybookPath: + default: "" + description: AnsiblePlaybookPath - path to ansible playbook + type: string + ansibleVarFiles: + default: "" + description: AnsibleVarFiles - interface to create ansible var files + Those get added to the + type: string + backoffLimit: + default: 0 + description: BackoffLimit allows to define the maximum number of retried + executions (defaults to 0). + format: int32 + type: integer + computeSSHKeySecretName: + default: dataplane-ansible-ssh-private-key-secret + description: |- + ComputeSSHKeySecretName is the name of the k8s secret that contains an ssh key for computes. + The key is mounted to ~/.ssh/id_ecdsa in the ansible pod + type: string + containerImage: + default: "" + description: A URL of a container image that should be used by the + test-operator for tests execution. + type: string + debug: + default: false + description: Run ansible playbook with -vvvv + type: boolean + extraConfigmapsMounts: + description: Extra configmaps for mounting inside the pod + items: + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. + type: string + name: + description: The name of an existing config map for mounting. + maxLength: 253 + type: string + subPath: + default: "" + description: Config map subpath for mounting, defaults to configmap + root. + type: string + required: + - mountPath + - name + - subPath + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + This value contains a nodeSelector value that is applied to test pods + spawned by the test operator. + type: object + openStackConfigMap: + default: openstack-config + description: OpenStackConfigMap is the name of the ConfigMap containing + the clouds.yaml + type: string + openStackConfigSecret: + default: openstack-config-secret + description: OpenStackConfigSecret is the name of the Secret containing + the secure.yaml + type: string + privileged: + default: false + description: |- + Use with caution! This parameter specifies whether test-operator should spawn test + pods with allowedPrivilegedEscalation: true, readOnlyRootFilesystem: false and the + default capabilities on top of capabilities that are usually needed by the test + pods (NET_ADMIN, NET_RAW). This parameter is deemed insecure but it is needed for + certain test-operator functionalities to work properly (e.g.: extraRPMs in Tempest + CR, or certain set of tobiko tests). + type: boolean + storageClass: + default: local-storage + description: StorageClass used to create any test-operator related + PVCs. + type: string + tolerations: + description: |- + This value contains a toleration that is applied to pods spawned by the + test pods that are spawned by the test-operator. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + workflow: + description: A parameter that contains a workflow definition. + items: + properties: + SELinuxLevel: + description: |- + A SELinuxLevel that should be used for test pods spawned by the test + operator. + type: string + ansibleCollections: + description: AnsibleCollections - extra ansible collections + to instal in additionn to the ones exist in the requirements.yaml + type: string + ansibleExtraVars: + description: AnsibleExtraVars - interface to pass parameters + to ansible using -e + type: string + ansibleGitRepo: + description: AnsibleGitRepo - git repo to clone into container + type: string + ansibleInventory: + description: AnsibleInventory - string that contains the inventory + file content + type: string + ansiblePlaybookPath: + description: AnsiblePlaybookPath - path to ansible playbook + type: string + ansibleVarFiles: + description: |- + AnsibleVarFiles - interface to create ansible var files Those get added to the + service config dir in /etc/test_operator/ and passed to the ansible command using -e @/etc/test_operator/ + type: string + backoffLimit: + default: 0 + description: BackoffLimit allows to define the maximum number + of retried executions (defaults to 0). + format: int32 + type: integer + computeSSHKeySecretName: + description: |- + ComputeSSHKeySecretName is the name of the k8s secret that contains an ssh key for computes. + The key is mounted to ~/.ssh/id_ecdsa in the ansible pod + type: string + containerImage: + default: "" + description: A URL of a container image that should be used + by the test-operator for tests execution. + type: string + debug: + description: Run ansible playbook with -vvvv + type: boolean + extraConfigmapsMounts: + description: Extra configmaps for mounting inside the pod + items: + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. + type: string + name: + description: The name of an existing config map for mounting. + maxLength: 253 + type: string + subPath: + default: "" + description: Config map subpath for mounting, defaults + to configmap root. + type: string + required: + - mountPath + - name + - subPath + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + This value contains a nodeSelector value that is applied to test pods + spawned by the test operator. + type: object + openStackConfigMap: + default: openstack-config + description: OpenStackConfigMap is the name of the ConfigMap + containing the clouds.yaml + type: string + openStackConfigSecret: + default: openstack-config-secret + description: OpenStackConfigSecret is the name of the Secret + containing the secure.yaml + type: string + privileged: + description: |- + Use with caution! This parameter specifies whether test-operator should spawn test + pods with allowedPrivilegedEscalation: true and the default capabilities on + top of capabilities that are usually needed by the test pods (NET_ADMIN, NET_RAW). + This parameter is deemed insecure but it is needed for certain test-operator + functionalities to work properly (e.g.: extraRPMs in Tempest CR, or certain set + of tobiko tests). + type: boolean + stepName: + description: |- + Name of a workflow step. The step name will be used for example to create + a logs directory. + maxLength: 100 + type: string + storageClass: + default: local-storage + description: StorageClass used to create any test-operator related + PVCs. + type: string + tolerations: + description: |- + This value contains a toleration that is applied to pods spawned by the + test pods that are spawned by the test-operator. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + workloadSSHKeySecretName: + description: |- + WorkloadSSHKeySecretName is the name of the k8s secret that contains an ssh key for the ansible workload. + The key is mounted to ~/test_keypair.key in the ansible pod + type: string + required: + - stepName + type: object + type: array + workloadSSHKeySecretName: + default: "" + description: |- + WorkloadSSHKeySecretName is the name of the k8s secret that contains an ssh key for the ansible workload. + The key is mounted to ~/test_keypair.key in the ansible pod + type: string + required: + - ansibleGitRepo + - ansiblePlaybookPath + type: object + status: + description: CommonTestStatus defines the observed state of the controller + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/test.openstack.org_horizontests.yaml b/bindata/crds/test.openstack.org_horizontests.yaml new file mode 100644 index 000000000..e3968e29c --- /dev/null +++ b/bindata/crds/test.openstack.org_horizontests.yaml @@ -0,0 +1,304 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: horizontests.test.openstack.org +spec: + group: test.openstack.org + names: + kind: HorizonTest + listKind: HorizonTestList + plural: horizontests + singular: horizontest + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HorizonTestSpec defines the desired state of HorizonTest + properties: + SELinuxLevel: + default: "" + description: |- + A SELinuxLevel that should be used for test pods spawned by the test + operator. + type: string + adminPassword: + default: admin + description: AdminPassword is the password for the OpenStack admin + user. + type: string + adminUsername: + default: admin + description: AdminUsername is the username for the OpenStack admin + user. + type: string + authUrl: + description: AuthUrl is the authentication URL for OpenStack. + type: string + backoffLimit: + default: 0 + description: BackoffLimit allows to define the maximum number of retried + executions (defaults to 0). + format: int32 + type: integer + containerImage: + default: "" + description: A URL of a container image that should be used by the + test-operator for tests execution. + type: string + dashboardUrl: + description: DashboardUrl is the URL of the Horizon dashboard. + type: string + debug: + default: false + description: |- + Activate debug mode. When debug mode is activated any error encountered + inside the test-pod causes that the pod will be kept alive indefinitely + (stuck in "Running" phase) or until the corresponding HorizonTest CR is deleted. + This allows the user to debug any potential troubles with `oc rsh`. + type: boolean + extraConfigmapsMounts: + description: Extra configmaps for mounting inside the pod + items: + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. + type: string + name: + description: The name of an existing config map for mounting. + maxLength: 253 + type: string + subPath: + default: "" + description: Config map subpath for mounting, defaults to configmap + root. + type: string + required: + - mountPath + - name + - subPath + type: object + type: array + flavorName: + default: m1.tiny + description: FlavorName is the name of the OpenStack flavor to create + for Horizon tests. + type: string + horizonRepoBranch: + default: master + description: HorizonRepoBranch is the branch of the Horizon repository + to checkout. + type: string + horizonTestDir: + default: /var/lib/horizontest + description: HorizonTestDir is the directory path for Horizon tests. + type: string + imageUrl: + default: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img + description: ImageUrl is the URL to download the Cirros image. + type: string + kubeconfigSecretName: + description: |- + Name of a secret that contains a kubeconfig. The kubeconfig is mounted under /var/lib/horizontest/.kube/config + in the test pod. + type: string + logsDirectoryName: + default: horizon + description: LogsDirectoryName is the name of the directory to store + test logs. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + This value contains a nodeSelector value that is applied to test pods + spawned by the test operator. + type: object + parallel: + default: false + description: Parallel + type: boolean + password: + default: horizontest + description: Password is the password for the user running the Horizon + tests. + type: string + privileged: + default: false + description: |- + Use with caution! This parameter specifies whether test-operator should spawn test + pods with allowedPrivilegedEscalation: true, readOnlyRootFilesystem: false and the + default capabilities on top of capabilities that are usually needed by the test + pods (NET_ADMIN, NET_RAW). This parameter is deemed insecure but it is needed for + certain test-operator functionalities to work properly (e.g.: extraRPMs in Tempest + CR, or certain set of tobiko tests). + type: boolean + projectName: + default: horizontest + description: ProjectName is the name of the OpenStack project for + Horizon tests. + type: string + repoUrl: + default: https://review.opendev.org/openstack/horizon + description: RepoUrl is the URL of the Horizon repository. + type: string + storageClass: + default: local-storage + description: StorageClass used to create any test-operator related + PVCs. + type: string + tolerations: + description: |- + This value contains a toleration that is applied to pods spawned by the + test pods that are spawned by the test-operator. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + user: + default: horizontest + description: User is the username under which the Horizon tests will + run. + type: string + required: + - adminPassword + - adminUsername + - authUrl + - dashboardUrl + - horizonRepoBranch + - repoUrl + type: object + status: + description: CommonTestStatus defines the observed state of the controller + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/test.openstack.org_tempests.yaml b/bindata/crds/test.openstack.org_tempests.yaml new file mode 100644 index 000000000..036c24ccc --- /dev/null +++ b/bindata/crds/test.openstack.org_tempests.yaml @@ -0,0 +1,1028 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: tempests.test.openstack.org +spec: + group: test.openstack.org + names: + kind: Tempest + listKind: TempestList + plural: tempests + singular: tempest + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + TempestSpec - configuration of execution of tempest. For specific configuration + of tempest see TempestRunSpec and for discover-tempest-config see TempestconfRunSpec. + properties: + SELinuxLevel: + default: "" + description: |- + A SELinuxLevel that should be used for test pods spawned by the test + operator. + type: string + SSHKeySecretName: + default: "" + description: |- + SSHKeySecretName is the name of the k8s secret that contains an ssh key. + The key is mounted to ~/.ssh/id_ecdsa in the tempest pod + type: string + backoffLimit: + default: 0 + description: BackoffLimit allows to define the maximum number of retried + executions (defaults to 0). + format: int32 + type: integer + cleanup: + default: false + description: |- + Activate tempest cleanup. When activated, tempest will run tempest cleanup + after test execution is complete to delete any resources created by tempest + that may have been left out. + type: boolean + configOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf + But can also be used to add additional files. Those get added to the + service config dir in /etc/test_operator/ + type: object + containerImage: + default: "" + description: A URL of a container image that should be used by the + test-operator for tests execution. + type: string + debug: + default: false + description: |- + Activate debug mode. When debug mode is activated any error encountered + inside the test-pod causes that the pod will be kept alive indefinitely + (stuck in "Running" phase) or until the corresponding Tempest CR is deleted. + This allows the user to debug any potential troubles with `oc rsh`. + type: boolean + extraConfigmapsMounts: + description: Extra configmaps for mounting inside the pod + items: + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. + type: string + name: + description: The name of an existing config map for mounting. + maxLength: 253 + type: string + subPath: + default: "" + description: Config map subpath for mounting, defaults to configmap + root. + type: string + required: + - mountPath + - name + - subPath + type: object + type: array + networkAttachments: + description: |- + NetworkAttachments is a list of NetworkAttachment resource names to expose + the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + This value contains a nodeSelector value that is applied to test pods + spawned by the test operator. + type: object + openStackConfigMap: + default: openstack-config + description: OpenStackConfigMap is the name of the ConfigMap containing + the clouds.yaml + type: string + openStackConfigSecret: + default: openstack-config-secret + description: OpenStackConfigSecret is the name of the Secret containing + the secure.yaml + type: string + parallel: + default: false + description: |- + By default test-operator executes the test-pods sequentially if multiple + instances of test-operator related CRs exist. If you want to turn off this + behaviour then set this option to true. + type: boolean + privileged: + default: false + description: |- + Use with caution! This parameter specifies whether test-operator should spawn test + pods with allowedPrivilegedEscalation: true, readOnlyRootFilesystem: false and the + default capabilities on top of capabilities that are usually needed by the test + pods (NET_ADMIN, NET_RAW). This parameter is deemed insecure but it is needed for + certain test-operator functionalities to work properly (e.g.: extraRPMs in Tempest + CR, or certain set of tobiko tests). + type: boolean + storageClass: + default: local-storage + description: StorageClass used to create any test-operator related + PVCs. + type: string + tempestRun: + description: |- + TempestRunSpec - is used to configure execution of tempest. Please refer to + Please refer to https://docs.openstack.org/tempest/latest/ for the further + explanation of the CLI parameters. + properties: + concurrency: + default: 0 + description: Concurrency value that is passed to tempest via --concurrency + format: int64 + type: integer + excludeList: + description: A content of exclude.txt file that is passed to tempest + via --exclude-list + type: string + expectedFailuresList: + description: |- + The expectedFailuresList parameter contains tests that should not count + as failures. When a test from this list fails, the test pod ends with + Completed state rather than with Error state. + type: string + externalPlugin: + description: |- + ExternalPlugin contains information about plugin that should be installed + within the tempest test pod. If this option is specified then only tests + that are part of the external plugin can be executed. + items: + description: |- + ExternalPluginType - is used to specify a plugin that should be installed + from an external resource + properties: + changeRefspec: + description: |- + ChangeRefspec specifies which change the remote repository should be + checked out to (ChangeRepository must be defined as well). + type: string + changeRepository: + description: |- + URL that points to a repository that contains a change that should be + applied to the repository defined by Repository (ChangeRefspec must be + defined as well). + type: string + repository: + description: URL that points to a git repository containing + an external plugin. + type: string + required: + - repository + type: object + type: array + extraImages: + description: |- + Extra images that should be downloaded inside the test pod and uploaded to + openstack. + items: + description: |- + ExtraImagesType - is used to specify extra images that should be downloaded + inside the test pod and uploaded to openstack + properties: + ID: + default: '-' + description: ID that should be assigned to the newly created + image + type: string + URL: + description: URL that points to a location where the image + is located + type: string + containerFormat: + default: '-' + description: Image container format + type: string + diskFormat: + default: '-' + description: Image disk format + type: string + flavor: + description: Information about flavor that should be created + together with the image + properties: + ID: + default: '-' + description: ID that should be assigned to the newly + created flavor + type: string + RAM: + description: How much RAM should be allocated when this + flavor is used + format: int64 + type: integer + disk: + description: How much disk space should be allocated + when this flavor is used + format: int64 + type: integer + name: + description: Name of the flavor that should be created + type: string + osCloud: + default: '-' + description: Cloud that should be used for authentication + type: string + vcpus: + description: How many vcpus should be be allocated when + this flavor is used + format: int64 + type: integer + required: + - RAM + - disk + - name + - vcpus + type: object + imageCreationTimeout: + default: 300 + description: Timeout duration for an image to reach the + active state after its creation + format: int64 + type: integer + name: + description: Name of the image + type: string + osCloud: + default: '-' + description: Cloud that should be used for authentication + type: string + required: + - URL + - name + type: object + type: array + extraRPMs: + description: |- + A list URLs that point to RPMs that should be downloaded and installed + inside the tempest test pod. + items: + type: string + type: array + includeList: + default: tempest.api.identity.v3 + description: A content of include.txt file that is passed to tempest + via --include-list + type: string + parallel: + default: true + description: Indicate whether tempest should be executed with + --parallel + type: boolean + serial: + default: false + description: Indicate whether tempest should be executed with + --serial + type: boolean + smoke: + default: false + description: Indicate whether tempest should be executed with + --smoke + type: boolean + workerFile: + default: "" + description: A content of worker_file.yaml that is passed to tempest + via --worker-file + type: string + type: object + tempestconfRun: + description: |- + TempestconfRunSpec - is used to configure execution of discover-tempest-config + Please refer to https://docs.opendev.org/openinfra/python-tempestconf for the + further explanation of the CLI parameters. + properties: + append: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + --append + type: string + collectTiming: + default: false + description: |- + Indicate whether discover-tempest-config should be executed with + --collect-timing + type: boolean + convertToRaw: + default: false + description: |- + Indicate whether discover-tempest-config should be executed with + --convert-to-raw + type: boolean + create: + default: true + description: Indicate whether discover-tempest-config should be + executed with --create + type: boolean + createAccountsFile: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + the --create-accounts-file + type: string + debug: + default: false + description: Indicate whether discover-tempest-config should be + executed with --debug + type: boolean + deployerInput: + default: "" + description: A content of deployer_input.ini that is passed to + tempest via --deployer-input + type: string + flavorMinDisk: + default: 0 + description: |- + The content of this variable will be passed to discover-tempest-config via + --flavor-min-disk + format: int64 + type: integer + flavorMinMem: + default: 0 + description: |- + The content of this variable will be passed to discover-tempest-config via + --flavor-min-mem + format: int64 + type: integer + generateProfile: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + --generate-profile + type: string + image: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + --image + type: string + imageDiskFormat: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + --image-disk-format + type: string + insecure: + default: false + description: Indicate whether discover-tempest-config should be + executed with --insecure + type: boolean + networkID: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + --network-id + type: string + noDefaultDeployer: + default: false + description: |- + Indicate whether discover-tempest-config should be executed with + --no-default-deployer + type: boolean + nonAdmin: + default: false + description: Indicate whether discover-tempest-config should be + executed with --non-admin + type: boolean + out: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + the --out parameter + type: string + overrides: + default: identity.v3_endpoint_type public + description: |- + The content of this variable will be appended at the end of the command + that executes discover-tempest-config (override values). + type: string + profile: + default: "" + description: A content of profile.yaml that is passed to tempest + via --profile + type: string + remove: + default: "" + description: |- + The content of this variable will be passed to discover-tempest-config via + --remove + type: string + retryImage: + default: false + description: Indicate whether discover-tempest-config should be + executed with --retry-image + type: boolean + testAccounts: + default: "" + description: A content of accounts.yaml that is passed to tempest + via --test-acounts + type: string + timeout: + default: 0 + description: |- + The content of this variable will be passed to discover-tempest-config via + --timeout + format: int64 + type: integer + verbose: + default: false + description: Indicate whether discover-tempest-config should be + executed with --verbose + type: boolean + type: object + tolerations: + description: |- + This value contains a toleration that is applied to pods spawned by the + test pods that are spawned by the test-operator. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + workflow: + description: |- + Workflow - can be used to specify a multiple executions of tempest with + a different configuration in a single CR. Accepts a list of dictionaries + where each member of the list accepts the same values as the Tempest CR + does in the `spec`` section. Values specified using the workflow section have + a higher precedence than the values specified higher in the Tempest CR + hierarchy. + items: + description: |- + TempestSpec - configuration of execution of tempest. For specific configuration + of tempest see TempestRunSpec and for discover-tempest-config see TempestconfRunSpec. + properties: + SELinuxLevel: + description: |- + A SELinuxLevel that should be used for test pods spawned by the test + operator. + type: string + SSHKeySecretName: + description: |- + SSHKeySecretName is the name of the k8s secret that contains an ssh key. + The key is mounted to ~/.ssh/id_ecdsa in the tempest pod + type: string + backoffLimit: + default: 0 + description: BackoffLimit allows to define the maximum number + of retried executions (defaults to 0). + format: int32 + type: integer + configOverwrite: + additionalProperties: + type: string + description: |- + ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf + But can also be used to add additional files. Those get added to the + service config dir in /etc/test_operator/ + type: object + containerImage: + default: "" + description: A URL of a container image that should be used + by the test-operator for tests execution. + type: string + extraConfigmapsMounts: + description: Extra configmaps for mounting inside the pod + items: + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. + type: string + name: + description: The name of an existing config map for mounting. + maxLength: 253 + type: string + subPath: + default: "" + description: Config map subpath for mounting, defaults + to configmap root. + type: string + required: + - mountPath + - name + - subPath + type: object + type: array + networkAttachments: + description: |- + NetworkAttachments is a list of NetworkAttachment resource names to expose + the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + This value contains a nodeSelector value that is applied to test pods + spawned by the test operator. + type: object + openStackConfigMap: + default: openstack-config + description: OpenStackConfigMap is the name of the ConfigMap + containing the clouds.yaml + type: string + openStackConfigSecret: + default: openstack-config-secret + description: OpenStackConfigSecret is the name of the Secret + containing the secure.yaml + type: string + parallel: + description: |- + By default test-operator executes the test-pods sequentially if multiple + instances of test-operator related CRs exist. If you want to turn off this + behaviour then set this option to true. + type: boolean + privileged: + description: |- + Use with caution! This parameter specifies whether test-operator should spawn test + pods with allowedPrivilegedEscalation: true and the default capabilities on + top of capabilities that are usually needed by the test pods (NET_ADMIN, NET_RAW). + This parameter is deemed insecure but it is needed for certain test-operator + functionalities to work properly (e.g.: extraRPMs in Tempest CR, or certain set + of tobiko tests). + type: boolean + stepName: + description: |- + Name of a workflow step. The step name will be used for example to create + a logs directory. + maxLength: 100 + pattern: ^[a-z0-9] + type: string + storageClass: + default: local-storage + description: StorageClass used to create any test-operator related + PVCs. + type: string + tempestRun: + description: |- + TempestRunSpec - is used to configure execution of tempest. Please refer to + Please refer to https://docs.openstack.org/tempest/latest/ for the further + explanation of the CLI parameters. + properties: + concurrency: + description: Concurrency value that is passed to tempest + via --concurrency + format: int64 + type: integer + excludeList: + description: A content of exclude.txt file that is passed + to tempest via --exclude-list + type: string + expectedFailuresList: + description: |- + The expectedFailuresList parameter contains tests that should not count + as failures. When a test from this list fails, the test pod ends with + Completed state rather than with Error state. + type: string + externalPlugin: + description: |- + ExternalPlugin contains information about plugin that should be installed + within the tempest test pod. If this option is specified then only tests + that are part of the external plugin can be executed. + items: + description: |- + ExternalPluginType - is used to specify a plugin that should be installed + from an external resource + properties: + changeRefspec: + description: |- + ChangeRefspec specifies which change the remote repository should be + checked out to (ChangeRepository must be defined as well). + type: string + changeRepository: + description: |- + URL that points to a repository that contains a change that should be + applied to the repository defined by Repository (ChangeRefspec must be + defined as well). + type: string + repository: + description: URL that points to a git repository containing + an external plugin. + type: string + required: + - repository + type: object + type: array + extraImagesType: + description: |- + Extra images that should be downloaded inside the test pod and uploaded to + openstack. + items: + description: |- + ExtraImagesType - is used to specify extra images that should be downloaded + inside the test pod and uploaded to openstack + properties: + ID: + default: '-' + description: ID that should be assigned to the newly + created image + type: string + URL: + description: URL that points to a location where the + image is located + type: string + containerFormat: + default: '-' + description: Image container format + type: string + diskFormat: + default: '-' + description: Image disk format + type: string + flavor: + description: Information about flavor that should + be created together with the image + properties: + ID: + default: '-' + description: ID that should be assigned to the + newly created flavor + type: string + RAM: + description: How much RAM should be allocated + when this flavor is used + format: int64 + type: integer + disk: + description: How much disk space should be allocated + when this flavor is used + format: int64 + type: integer + name: + description: Name of the flavor that should be + created + type: string + osCloud: + default: '-' + description: Cloud that should be used for authentication + type: string + vcpus: + description: How many vcpus should be be allocated + when this flavor is used + format: int64 + type: integer + required: + - RAM + - disk + - name + - vcpus + type: object + imageCreationTimeout: + default: 300 + description: Timeout duration for an image to reach + the active state after its creation + format: int64 + type: integer + name: + description: Name of the image + type: string + osCloud: + default: '-' + description: Cloud that should be used for authentication + type: string + required: + - URL + - name + type: object + type: array + extraRPMs: + description: |- + A list URLs that point to RPMs that should be downloaded and installed + inside the tempest test pod. + items: + type: string + type: array + includeList: + description: A content of include.txt file that is passed + to tempest via --include-list + type: string + parallel: + description: Indicate whether tempest should be executed + with --parallel + type: boolean + serial: + description: Indicate whether tempest should be executed + with --serial + type: boolean + smoke: + description: Indicate whether tempest should be executed + with --smoke + type: boolean + workerFile: + description: A content of worker_file.yaml that is passed + to tempest via --worker-file + type: string + type: object + tempestconfRun: + description: |- + TempestconfRunSpec - is used to configure execution of discover-tempest-config + Please refer to https://docs.opendev.org/openinfra/python-tempestconf for the + further explanation of the CLI parameters. + properties: + append: + description: |- + The content of this variable will be passed to discover-tempest-config via + --append + type: string + collectTiming: + description: |- + Indicate whether discover-tempest-config should be executed with + --collect-timing + type: boolean + convertToRaw: + description: |- + Indicate whether discover-tempest-config should be executed with + --convert-to-raw + type: boolean + create: + description: Indicate whether discover-tempest-config should + be executed with --create + type: boolean + createAccountsFile: + description: |- + The content of this variable will be passed to discover-tempest-config via + the --create-accounts-file + type: string + debug: + description: Indicate whether discover-tempest-config should + be executed with --debug + type: boolean + deployerInput: + description: A content of deployer_input.ini that is passed + to tempest via --deployer-input + type: string + flavorMinDisk: + description: |- + The content of this variable will be passed to discover-tempest-config via + --flavor-min-disk + format: int64 + type: integer + flavorMinMem: + description: |- + The content of this variable will be passed to discover-tempest-config via + --flavor-min-mem + format: int64 + type: integer + generateProfile: + description: |- + The content of this variable will be passed to discover-tempest-config via + --generate-profile + type: string + image: + description: |- + The content of this variable will be passed to discover-tempest-config via + --image + type: string + imageDiskFormat: + description: |- + The content of this variable will be passed to discover-tempest-config via + --image-disk-format + type: string + insecure: + description: Indicate whether discover-tempest-config should + be executed with --insecure + type: boolean + networkID: + description: |- + The content of this variable will be passed to discover-tempest-config via + --network-id + type: string + noDefaultDeployer: + description: |- + Indicate whether discover-tempest-config should be executed with + --no-default-deployer + type: boolean + nonAdmin: + description: Indicate whether discover-tempest-config should + be executed with --non-admin + type: boolean + out: + description: |- + The content of this variable will be passed to discover-tempest-config via + the --out parameter + type: string + overrides: + description: |- + The content of this variable will be appended at the end of the command + that executes discover-tempest-config (override values). + type: string + profile: + description: A content of profile.yaml that is passed to + tempest via --profile + type: string + remove: + description: |- + The content of this variable will be passed to discover-tempest-config via + --remove + type: string + retryImage: + description: Indicate whether discover-tempest-config should + be executed with --retry-image + type: boolean + testAccounts: + description: A content of accounts.yaml that is passed to + tempest via --test-acounts + type: string + timeout: + description: |- + The content of this variable will be passed to discover-tempest-config via + --timeout + format: int64 + type: integer + verbose: + description: Indicate whether discover-tempest-config should + be executed with --verbose + type: boolean + type: object + tolerations: + description: |- + This value contains a toleration that is applied to pods spawned by the + test pods that are spawned by the test-operator. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - stepName + type: object + type: array + type: object + status: + description: CommonTestStatus defines the observed state of the controller + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/crds/test.openstack.org_tobikoes.yaml b/bindata/crds/test.openstack.org_tobikoes.yaml new file mode 100644 index 000000000..fb205d50a --- /dev/null +++ b/bindata/crds/test.openstack.org_tobikoes.yaml @@ -0,0 +1,438 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: tobikoes.test.openstack.org +spec: + group: test.openstack.org + names: + kind: Tobiko + listKind: TobikoList + plural: tobikoes + singular: tobiko + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + - description: Message + jsonPath: .status.conditions[0].message + name: Message + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TobikoSpec defines the desired state of Tobiko + properties: + SELinuxLevel: + default: "" + description: |- + A SELinuxLevel that should be used for test pods spawned by the test + operator. + type: string + backoffLimit: + default: 0 + description: BackoffLimit allows to define the maximum number of retried + executions (defaults to 0). + format: int32 + type: integer + config: + default: "" + description: tobiko.conf + type: string + containerImage: + default: "" + description: A URL of a container image that should be used by the + test-operator for tests execution. + type: string + debug: + default: false + description: |- + Activate debug mode. When debug mode is activated any error encountered + inside the test-pod causes that the pod will be kept alive indefinitely + (stuck in "Running" phase) or until the corresponding Tobiko CR is deleted. + This allows the user to debug any potential troubles with `oc rsh`. + type: boolean + extraConfigmapsMounts: + description: Extra configmaps for mounting inside the pod + items: + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. + type: string + name: + description: The name of an existing config map for mounting. + maxLength: 253 + type: string + subPath: + default: "" + description: Config map subpath for mounting, defaults to configmap + root. + type: string + required: + - mountPath + - name + - subPath + type: object + type: array + kubeconfigSecretName: + description: |- + Name of a secret that contains a kubeconfig. The kubeconfig is mounted under /var/lib/tobiko/.kube/config + in the test pod. + type: string + networkAttachments: + description: |- + NetworkAttachments is a list of NetworkAttachment resource names to expose + the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + This value contains a nodeSelector value that is applied to test pods + spawned by the test operator. + type: object + numProcesses: + default: 0 + description: Number of processes/workers used to run tobiko tests + - value 0 results in automatic decission + type: integer + parallel: + default: false + description: |- + By default test-operator executes the test-pods sequentially if multiple + instances of test-operator related CRs exist. To run test-pods in parallel + set this option to true. + type: boolean + preventCreate: + default: false + description: Boolean specifying whether tobiko tests create new resources + or re-use those previously created + type: boolean + privateKey: + default: "" + description: Private Key + type: string + privileged: + default: false + description: |- + Use with caution! This parameter specifies whether test-operator should spawn test + pods with allowedPrivilegedEscalation: true, readOnlyRootFilesystem: false and the + default capabilities on top of capabilities that are usually needed by the test + pods (NET_ADMIN, NET_RAW). This parameter is deemed insecure but it is needed for + certain test-operator functionalities to work properly (e.g.: extraRPMs in Tempest + CR, or certain set of tobiko tests). + type: boolean + publicKey: + default: "" + description: Public Key + type: string + pytestAddopts: + default: "" + description: String including any options to pass to pytest when it + runs tobiko tests + type: string + storageClass: + default: local-storage + description: StorageClass used to create any test-operator related + PVCs. + type: string + testenv: + default: py3 + description: Test environment + type: string + tolerations: + description: |- + This value contains a toleration that is applied to pods spawned by the + test pods that are spawned by the test-operator. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + default: "" + description: Tobiko version + type: string + workflow: + description: A parameter that contains a workflow definition. + items: + properties: + SELinuxLevel: + description: |- + A SELinuxLevel that should be used for test pods spawned by the test + operator. + type: string + backoffLimit: + default: 0 + description: BackoffLimit allows to define the maximum number + of retried executions (defaults to 0). + format: int32 + type: integer + config: + description: tobiko.conf + type: string + containerImage: + default: "" + description: A URL of a container image that should be used + by the test-operator for tests execution. + type: string + extraConfigmapsMounts: + description: Extra configmaps for mounting inside the pod + items: + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. + type: string + name: + description: The name of an existing config map for mounting. + maxLength: 253 + type: string + subPath: + default: "" + description: Config map subpath for mounting, defaults + to configmap root. + type: string + required: + - mountPath + - name + - subPath + type: object + type: array + kubeconfigSecretName: + description: |- + Name of a secret that contains a kubeconfig. The kubeconfig is mounted under /var/lib/tobiko/.kube/config + in the test pod. + type: string + networkAttachments: + description: |- + NetworkAttachments is a list of NetworkAttachment resource names to expose + the services to the given network + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: |- + This value contains a nodeSelector value that is applied to test pods + spawned by the test operator. + type: object + numProcesses: + description: Number of processes/workers used to run tobiko + tests - value 0 results in automatic decission + type: integer + preventCreate: + description: Boolean specifying whether tobiko tests create + new resources or re-use those previously created + type: boolean + privateKey: + description: Private Key + type: string + privileged: + description: |- + Use with caution! This parameter specifies whether test-operator should spawn test + pods with allowedPrivilegedEscalation: true and the default capabilities on + top of capabilities that are usually needed by the test pods (NET_ADMIN, NET_RAW). + This parameter is deemed insecure but it is needed for certain test-operator + functionalities to work properly (e.g.: extraRPMs in Tempest CR, or certain set + of tobiko tests). + type: boolean + publicKey: + description: Public Key + type: string + pytestAddopts: + description: String including any options to pass to pytest + when it runs tobiko tests + type: string + stepName: + default: "" + description: A parameter that contains a definition of a single + workflow step. + maxLength: 100 + type: string + storageClass: + default: local-storage + description: StorageClass used to create any test-operator related + PVCs. + type: string + testenv: + description: Test environment + type: string + tolerations: + description: |- + This value contains a toleration that is applied to pods spawned by the + test pods that are spawned by the test-operator. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: Tobiko version + type: string + required: + - stepName + type: object + type: array + type: object + status: + description: CommonTestStatus defines the observed state of the controller + properties: + conditions: + description: Conditions + items: + description: Condition defines an observation of a API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. + type: string + severity: + description: |- + Severity provides a classification of Reason code, so the current situation is immediately + understandable and could act accordingly. + It is meant for situations where Status=False and it should be indicated if it is just + informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue + and no actions to automatically resolve the issue can/should be done). + For conditions where Status=Unknown or Status=True the Severity should be SeverityNone. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + hash: + additionalProperties: + type: string + description: Map of hashes to track e.g. job status + type: object + networkAttachments: + additionalProperties: + items: + type: string + type: array + description: NetworkAttachments status of the deployment pods + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bindata/operator/infra-operator-webhooks.yaml b/bindata/operator/infra-operator-webhooks.yaml new file mode 100644 index 000000000..234ba2838 --- /dev/null +++ b/bindata/operator/infra-operator-webhooks.yaml @@ -0,0 +1,368 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: infra-operator + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + openstack.org/operator-name: infra +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: certificate + app.kubernetes.io/part-of: infra-operator + name: infra-operator-serving-cert + namespace: '{{ .OperatorNamespace }}' +spec: + dnsNames: + - infra-operator-webhook-service.{{ .OperatorNamespace }}.svc + - infra-operator-webhook-service.{{ .OperatorNamespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: infra-operator-selfsigned-issuer + secretName: infra-operator-webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: selfsigned-issuer + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: issuer + app.kubernetes.io/part-of: infra-operator + name: infra-operator-selfsigned-issuer + namespace: '{{ .OperatorNamespace }}' +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/infra-operator-serving-cert' + creationTimestamp: null + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: mutating-webhook-configuration + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mutatingwebhookconfiguration + app.kubernetes.io/part-of: infra-operator + name: infra-operator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: mdnsmasq.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dnsmasqs + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-network-openstack-org-v1beta1-dnsmasq +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: minstanceha.kb.io + rules: + - apiGroups: + - client.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - instancehas + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-client-openstack-org-v1beta1-instanceha +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: mipset.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ipsets + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-network-openstack-org-v1beta1-ipset +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: mmemcached.kb.io + rules: + - apiGroups: + - memcached.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - memcacheds + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-memcached-openstack-org-v1beta1-memcached +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: mnetconfig.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - netconfigs + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-network-openstack-org-v1beta1-netconfig +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: mredis.kb.io + rules: + - apiGroups: + - redis.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - redises + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-redis-openstack-org-v1beta1-redis +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: mreservation.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - reservations + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-network-openstack-org-v1beta1-reservation +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/infra-operator-serving-cert' + creationTimestamp: null + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: validating-webhook-configuration + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: validatingwebhookconfiguration + app.kubernetes.io/part-of: infra-operator + name: infra-operator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: vdnsmasq.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - dnsmasqs + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-network-openstack-org-v1beta1-dnsmasq +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: vinstanceha.kb.io + rules: + - apiGroups: + - client.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - instancehas + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-client-openstack-org-v1beta1-instanceha +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: vipset.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ipsets + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-network-openstack-org-v1beta1-ipset +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: vmemcached.kb.io + rules: + - apiGroups: + - memcached.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - memcacheds + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-memcached-openstack-org-v1beta1-memcached +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: vnetconfig.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - netconfigs + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-network-openstack-org-v1beta1-netconfig +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: vredis.kb.io + rules: + - apiGroups: + - redis.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - redises + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-redis-openstack-org-v1beta1-redis +- admissionReviewVersions: + - v1 + failurePolicy: Fail + name: vreservation.kb.io + rules: + - apiGroups: + - network.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - reservations + sideEffects: None + clientConfig: + service: + name: infra-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-network-openstack-org-v1beta1-reservation diff --git a/bindata/operator/managers.yaml b/bindata/operator/managers.yaml new file mode 100644 index 000000000..cb8f3bc5d --- /dev/null +++ b/bindata/operator/managers.yaml @@ -0,0 +1,99 @@ +{{ $namespace := .OperatorNamespace }} +{{ range $operatorName, $operatorImage := .OperatorImages }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + openstack.org/operator-name: {{ $operatorName }} + name: {{ $operatorName }}-operator-controller-manager + namespace: {{ $namespace }} +spec: + replicas: 1 + selector: + matchLabels: + openstack.org/operator-name: {{ $operatorName }} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + openstack.org/operator-name: {{ $operatorName }} + spec: + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + env: + - name: ENABLE_WEBHOOKS +{{ if eq $operatorName "infra" }} + value: 'true' +{{ else }} + value: 'false' +{{ end }} + image: {{ $operatorImage }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false +{{ if eq $operatorName "infra" }} + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true +{{ end }} + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: {{ $operatorName }}-operator-controller-manager + terminationGracePeriodSeconds: 10 +{{ if eq $operatorName "infra" }} + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: {{ $operatorName }}-operator-webhook-server-cert +{{ end }} +--- +{{ end }} diff --git a/bindata/operator/operator.yaml b/bindata/operator/operator.yaml new file mode 100644 index 000000000..45e454491 --- /dev/null +++ b/bindata/operator/operator.yaml @@ -0,0 +1,610 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + openstack.org/operator-name: openstack + name: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: 40ba705e.openstack.org +kind: ConfigMap +metadata: + name: openstack-operator-manager-config + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: webhook-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: openstack-operator + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + openstack.org/operator-name: openstack +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + openstack.org/operator-name: openstack + name: openstack-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +spec: + replicas: 1 + selector: + matchLabels: + openstack.org/operator-name: openstack + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + openstack.org/operator-name: openstack + spec: + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + env: + - name: RELATED_IMAGE_AGENT_IMAGE_URL_DEFAULT + value: quay.io/openstack-k8s-operators/openstack-baremetal-operator-agent:latest + - name: RELATED_IMAGE_ANSIBLEEE_IMAGE_URL_DEFAULT + value: quay.io/openstack-k8s-operators/openstack-ansibleee-runner:latest + - name: RELATED_IMAGE_AODH_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-aodh-api:current-podified + - name: RELATED_IMAGE_AODH_EVALUATOR_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-aodh-evaluator:current-podified + - name: RELATED_IMAGE_AODH_LISTENER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-aodh-listener:current-podified + - name: RELATED_IMAGE_AODH_NOTIFIER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-aodh-notifier:current-podified + - name: RELATED_IMAGE_APACHE_IMAGE_URL_DEFAULT + value: registry.redhat.io/ubi9/httpd-24:latest + - name: RELATED_IMAGE_BARBICAN_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-barbican-api:current-podified + - name: RELATED_IMAGE_BARBICAN_KEYSTONE_LISTENER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-barbican-keystone-listener:current-podified + - name: RELATED_IMAGE_BARBICAN_WORKER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-barbican-worker:current-podified + - name: RELATED_IMAGE_CEILOMETER_CENTRAL_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ceilometer-central:current-podified + - name: RELATED_IMAGE_CEILOMETER_COMPUTE_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ceilometer-compute:current-podified + - name: RELATED_IMAGE_CEILOMETER_IPMI_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ceilometer-ipmi:current-podified + - name: RELATED_IMAGE_CEILOMETER_NOTIFICATION_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ceilometer-notification:current-podified + - name: RELATED_IMAGE_CEILOMETER_SGCORE_IMAGE_URL_DEFAULT + value: quay.io/openstack-k8s-operators/sg-core:v6.0.0 + - name: RELATED_IMAGE_CINDER_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-cinder-api:current-podified + - name: RELATED_IMAGE_CINDER_BACKUP_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-cinder-backup:current-podified + - name: RELATED_IMAGE_CINDER_SCHEDULER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-cinder-scheduler:current-podified + - name: RELATED_IMAGE_CINDER_VOLUME_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-cinder-volume:current-podified + - name: RELATED_IMAGE_DESIGNATE_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-designate-api:current-podified + - name: RELATED_IMAGE_DESIGNATE_BACKENDBIND9_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-designate-backend-bind9:current-podified + - name: RELATED_IMAGE_DESIGNATE_CENTRAL_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-designate-central:current-podified + - name: RELATED_IMAGE_DESIGNATE_MDNS_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-designate-mdns:current-podified + - name: RELATED_IMAGE_DESIGNATE_PRODUCER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-designate-producer:current-podified + - name: RELATED_IMAGE_DESIGNATE_UNBOUND_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-unbound:current-podified + - name: RELATED_IMAGE_DESIGNATE_WORKER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-designate-worker:current-podified + - name: RELATED_IMAGE_EDPM_FRR_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-frr:current-podified + - name: RELATED_IMAGE_EDPM_ISCSID_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-iscsid:current-podified + - name: RELATED_IMAGE_EDPM_LOGROTATE_CROND_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-cron:current-podified + - name: RELATED_IMAGE_EDPM_MULTIPATHD_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-multipathd:current-podified + - name: RELATED_IMAGE_EDPM_NEUTRON_DHCP_AGENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-neutron-dhcp-agent:current-podified + - name: RELATED_IMAGE_EDPM_NEUTRON_METADATA_AGENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified + - name: RELATED_IMAGE_EDPM_NEUTRON_OVN_AGENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-neutron-ovn-agent:current-podified + - name: RELATED_IMAGE_EDPM_NEUTRON_SRIOV_AGENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-neutron-sriov-agent:current-podified + - name: RELATED_IMAGE_EDPM_NODE_EXPORTER_IMAGE_URL_DEFAULT + value: quay.io/prometheus/node-exporter:v1.5.0 + - name: RELATED_IMAGE_EDPM_KEPLER_IMAGE_URL_DEFAULT + value: quay.io/sustainable_computing_io/kepler:release-0.7.12 + - name: RELATED_IMAGE_EDPM_OVN_BGP_AGENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ovn-bgp-agent:current-podified + - name: RELATED_IMAGE_GLANCE_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified + - name: RELATED_IMAGE_HEAT_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-heat-api:current-podified + - name: RELATED_IMAGE_HEAT_CFNAPI_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-heat-api-cfn:current-podified + - name: RELATED_IMAGE_HEAT_ENGINE_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-heat-engine:current-podified + - name: RELATED_IMAGE_HORIZON_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-horizon:current-podified + - name: RELATED_IMAGE_INFRA_MEMCACHED_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-memcached:current-podified + - name: RELATED_IMAGE_INFRA_REDIS_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-redis:current-podified + - name: RELATED_IMAGE_IRONIC_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ironic-api:current-podified + - name: RELATED_IMAGE_IRONIC_CONDUCTOR_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ironic-conductor:current-podified + - name: RELATED_IMAGE_IRONIC_INSPECTOR_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ironic-inspector:current-podified + - name: RELATED_IMAGE_IRONIC_NEUTRON_AGENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ironic-neutron-agent:current-podified + - name: RELATED_IMAGE_IRONIC_PXE_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ironic-pxe:current-podified + - name: RELATED_IMAGE_IRONIC_PYTHON_AGENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/ironic-python-agent:current-podified + - name: RELATED_IMAGE_KEYSTONE_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-keystone:current-podified + - name: RELATED_IMAGE_MANILA_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-manila-api:current-podified + - name: RELATED_IMAGE_MANILA_SCHEDULER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-manila-scheduler:current-podified + - name: RELATED_IMAGE_MANILA_SHARE_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-manila-share:current-podified + - name: RELATED_IMAGE_MARIADB_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-mariadb:current-podified + - name: RELATED_IMAGE_NEUTRON_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-neutron-server:current-podified + - name: RELATED_IMAGE_NOVA_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-nova-api:current-podified + - name: RELATED_IMAGE_NOVA_COMPUTE_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-nova-compute:current-podified + - name: RELATED_IMAGE_NOVA_CONDUCTOR_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-nova-conductor:current-podified + - name: RELATED_IMAGE_NOVA_NOVNC_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-nova-novncproxy:current-podified + - name: RELATED_IMAGE_NOVA_SCHEDULER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-nova-scheduler:current-podified + - name: RELATED_IMAGE_OCTAVIA_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-octavia-api:current-podified + - name: RELATED_IMAGE_OCTAVIA_HEALTHMANAGER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-octavia-health-manager:current-podified + - name: RELATED_IMAGE_OCTAVIA_HOUSEKEEPING_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-octavia-housekeeping:current-podified + - name: RELATED_IMAGE_OCTAVIA_WORKER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-octavia-worker:current-podified + - name: RELATED_IMAGE_OPENSTACK_CLIENT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-openstackclient:current-podified + - name: RELATED_IMAGE_OS_CONTAINER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/edpm-hardened-uefi:current-podified + - name: RELATED_IMAGE_OVN_CONTROLLER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ovn-controller:current-podified + - name: RELATED_IMAGE_OVN_CONTROLLER_OVS_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ovn-base:current-podified + - name: RELATED_IMAGE_OVN_NB_DBCLUSTER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ovn-nb-db-server:current-podified + - name: RELATED_IMAGE_OVN_NORTHD_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ovn-northd:current-podified + - name: RELATED_IMAGE_OVN_SB_DBCLUSTER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ovn-sb-db-server:current-podified + - name: RELATED_IMAGE_PLACEMENT_API_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-placement-api:current-podified + - name: RELATED_IMAGE_RABBITMQ_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-rabbitmq:current-podified + - name: RELATED_IMAGE_SWIFT_ACCOUNT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-swift-account:current-podified + - name: RELATED_IMAGE_SWIFT_CONTAINER_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-swift-container:current-podified + - name: RELATED_IMAGE_SWIFT_OBJECT_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-swift-object:current-podified + - name: RELATED_IMAGE_SWIFT_PROXY_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-swift-proxy-server:current-podified + - name: RELATED_IMAGE_TEST_TEMPEST_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-tempest-all:current-podified + - name: RELATED_IMAGE_TEST_TOBIKO_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-tobiko:current-podified + - name: RELATED_IMAGE_TEST_ANSIBLETEST_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-ansible-tests:current-podified + - name: RELATED_IMAGE_TEST_HORIZONTEST_IMAGE_URL_DEFAULT + value: quay.io/podified-antelope-centos9/openstack-horizontest:current-podified + - name: RELATED_IMAGE_OPENSTACK_MUST_GATHER_DEFAULT + value: quay.io/openstack-k8s-operators/openstack-must-gather:latest + - name: OPENSTACK_RELEASE_VERSION + value: '{{ .OpenstackReleaseVersion }}' + image: '{{ .OperatorImage }}' + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: openstack-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: serving-cert + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: certificate + app.kubernetes.io/part-of: openstack-operator + name: openstack-operator-serving-cert + namespace: '{{ .OperatorNamespace }}' +spec: + dnsNames: + - openstack-operator-webhook-service.{{ .OperatorNamespace }}.svc + - openstack-operator-webhook-service.{{ .OperatorNamespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: openstack-operator-selfsigned-issuer + secretName: webhook-server-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/component: certificate + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: selfsigned-issuer + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: issuer + app.kubernetes.io/part-of: openstack-operator + name: openstack-operator-selfsigned-issuer + namespace: '{{ .OperatorNamespace }}' +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/openstack-operator-serving-cert' + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: mutating-webhook-configuration + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: mutatingingwebhookconfiguration + app.kubernetes.io/part-of: openstack-operator + name: openstack-operator-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-client-openstack-org-v1beta1-openstackclient + failurePolicy: Fail + name: mopenstackclient.kb.io + rules: + - apiGroups: + - client.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackclients + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-core-openstack-org-v1beta1-openstackcontrolplane + failurePolicy: Fail + name: mopenstackcontrolplane.kb.io + rules: + - apiGroups: + - core.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-core-openstack-org-v1beta1-openstackversion + failurePolicy: Fail + name: mopenstackversion.kb.io + rules: + - apiGroups: + - core.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackversions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-dataplane-openstack-org-v1beta1-openstackdataplanedeployment + failurePolicy: Fail + name: mopenstackdataplanedeployment.kb.io + rules: + - apiGroups: + - dataplane.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackdataplanedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-dataplane-openstack-org-v1beta1-openstackdataplanenodeset + failurePolicy: Fail + name: mopenstackdataplanenodeset.kb.io + rules: + - apiGroups: + - dataplane.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackdataplanenodesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /mutate-dataplane-openstack-org-v1beta1-openstackdataplaneservice + failurePolicy: Fail + name: mopenstackdataplaneservice.kb.io + rules: + - apiGroups: + - dataplane.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackdataplaneservices + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/openstack-operator-serving-cert' + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/instance: validating-webhook-configuration + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: validatingwebhookconfiguration + app.kubernetes.io/part-of: openstack-operator + name: openstack-operator-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-client-openstack-org-v1beta1-openstackclient + failurePolicy: Fail + name: vopenstackclient.kb.io + rules: + - apiGroups: + - client.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackclients + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-core-openstack-org-v1beta1-openstackcontrolplane + failurePolicy: Fail + name: vopenstackcontrolplane.kb.io + rules: + - apiGroups: + - core.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackcontrolplanes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-core-openstack-org-v1beta1-openstackversion + failurePolicy: Fail + name: vopenstackversion.kb.io + rules: + - apiGroups: + - core.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackversions + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-dataplane-openstack-org-v1beta1-openstackdataplanedeployment + failurePolicy: Fail + name: vopenstackdataplanedeployment.kb.io + rules: + - apiGroups: + - dataplane.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackdataplanedeployments + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-dataplane-openstack-org-v1beta1-openstackdataplanenodeset + failurePolicy: Fail + name: vopenstackdataplanenodeset.kb.io + rules: + - apiGroups: + - dataplane.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackdataplanenodesets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: openstack-operator-webhook-service + namespace: '{{ .OperatorNamespace }}' + path: /validate-dataplane-openstack-org-v1beta1-openstackdataplaneservice + failurePolicy: Fail + name: vopenstackdataplaneservice.kb.io + rules: + - apiGroups: + - dataplane.openstack.org + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - openstackdataplaneservices + sideEffects: None diff --git a/bindata/operator/rabbit.yaml b/bindata/operator/rabbit.yaml new file mode 100644 index 000000000..f79da0e6c --- /dev/null +++ b/bindata/operator/rabbit.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: rabbitmq-cluster-operator + app.kubernetes.io/part-of: rabbitmq + name: rabbitmq-cluster-operator-manager + namespace: {{ .OperatorNamespace }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: rabbitmq-cluster-operator + template: + metadata: + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: rabbitmq-cluster-operator + app.kubernetes.io/part-of: rabbitmq + spec: + containers: + - command: + - /manager + env: + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: {{ .RabbitmqImage }} + name: operator + ports: + - containerPort: 9782 + name: metrics + protocol: TCP + resources: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 5m + memory: 64Mi + serviceAccountName: rabbitmq-cluster-operator-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/bindata/rbac/barbican-operator-rbac.yaml b/bindata/rbac/barbican-operator-rbac.yaml new file mode 100644 index 000000000..11d222396 --- /dev/null +++ b/bindata/rbac/barbican-operator-rbac.yaml @@ -0,0 +1,423 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: barbican-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: barbican-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: barbican-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicanapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicanapis/finalizers + verbs: + - patch + - update +- apiGroups: + - barbican.openstack.org + resources: + - barbicanapis/status + verbs: + - get + - patch + - update +- apiGroups: + - barbican.openstack.org + resources: + - barbicankeystonelisteners + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicankeystonelisteners/finalizers + verbs: + - patch + - update +- apiGroups: + - barbican.openstack.org + resources: + - barbicankeystonelisteners/status + verbs: + - get + - patch + - update +- apiGroups: + - barbican.openstack.org + resources: + - barbicans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicans/finalizers + verbs: + - patch + - update +- apiGroups: + - barbican.openstack.org + resources: + - barbicans/status + verbs: + - get + - patch + - update +- apiGroups: + - barbican.openstack.org + resources: + - barbicanworkers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicanworkers/finalizers + verbs: + - patch + - update +- apiGroups: + - barbican.openstack.org + resources: + - barbicanworkers/status + verbs: + - get + - patch + - update +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: barbican-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: barbican-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: barbican-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: barbican-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: barbican-operator-manager-role +subjects: +- kind: ServiceAccount + name: barbican-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: barbican-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: barbican-operator-proxy-role +subjects: +- kind: ServiceAccount + name: barbican-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: barbican-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: barbican-operator diff --git a/bindata/rbac/cinder-operator-rbac.yaml b/bindata/rbac/cinder-operator-rbac.yaml new file mode 100644 index 000000000..a805053c3 --- /dev/null +++ b/bindata/rbac/cinder-operator-rbac.yaml @@ -0,0 +1,467 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cinder-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cinder-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: cinder-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cinderapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cinderapis/finalizers + verbs: + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cinderapis/status + verbs: + - get + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cinderbackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cinderbackups/finalizers + verbs: + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cinderbackups/status + verbs: + - get + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cinders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cinders/finalizers + verbs: + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cinders/status + verbs: + - get + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cinderschedulers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cinderschedulers/finalizers + verbs: + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cinderschedulers/status + verbs: + - get + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cindervolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cindervolumes/finalizers + verbs: + - patch + - update +- apiGroups: + - cinder.openstack.org + resources: + - cindervolumes/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cinder-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cinder-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: cinder-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cinder-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cinder-operator-manager-role +subjects: +- kind: ServiceAccount + name: cinder-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cinder-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cinder-operator-proxy-role +subjects: +- kind: ServiceAccount + name: cinder-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: cinder-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: cinder-operator diff --git a/bindata/rbac/designate-operator-rbac.yaml b/bindata/rbac/designate-operator-rbac.yaml new file mode 100644 index 000000000..3b1ce4852 --- /dev/null +++ b/bindata/rbac/designate-operator-rbac.yaml @@ -0,0 +1,576 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: designate-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: designate-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: designate-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designateapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designateapis/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designateapis/status + verbs: + - get + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designatebackendbind9s + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designatebackendbind9s/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designatebackendbind9s/status + verbs: + - get + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designatecentrals + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designatecentrals/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designatecentrals/status + verbs: + - get + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designatemdnses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designatemdnses/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designatemdnses/status + verbs: + - get + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designateproducers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designateproducers/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designateproducers/status + verbs: + - get + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designates/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designates/status + verbs: + - get + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designateunbounds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designateunbounds/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designateunbounds/status + verbs: + - get + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designateworkers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - designate.openstack.org + resources: + - designateworkers/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designateworkers/status + verbs: + - get + - patch + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - redis.openstack.org + resources: + - redises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: designate-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: designate-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: designate-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: designate-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: designate-operator-manager-role +subjects: +- kind: ServiceAccount + name: designate-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: designate-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: designate-operator-proxy-role +subjects: +- kind: ServiceAccount + name: designate-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: designate-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: designate-operator diff --git a/bindata/rbac/glance-operator-rbac.yaml b/bindata/rbac/glance-operator-rbac.yaml new file mode 100644 index 000000000..dba6d617f --- /dev/null +++ b/bindata/rbac/glance-operator-rbac.yaml @@ -0,0 +1,402 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: glance-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: glance-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: glance-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cinders + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - glance.openstack.org + resources: + - glanceapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - glance.openstack.org + resources: + - glanceapis/finalizers + verbs: + - patch + - update +- apiGroups: + - glance.openstack.org + resources: + - glanceapis/status + verbs: + - get + - patch + - update +- apiGroups: + - glance.openstack.org + resources: + - glances + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - glance.openstack.org + resources: + - glances/finalizers + verbs: + - patch + - update +- apiGroups: + - glance.openstack.org + resources: + - glances/status + verbs: + - get + - patch + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: glance-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: glance-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: glance-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: glance-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: glance-operator-manager-role +subjects: +- kind: ServiceAccount + name: glance-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: glance-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: glance-operator-proxy-role +subjects: +- kind: ServiceAccount + name: glance-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: glance-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: glance-operator diff --git a/bindata/rbac/heat-operator-rbac.yaml b/bindata/rbac/heat-operator-rbac.yaml new file mode 100644 index 000000000..2546cf3c0 --- /dev/null +++ b/bindata/rbac/heat-operator-rbac.yaml @@ -0,0 +1,424 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: heat-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: heat-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: heat-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - heat.openstack.org + resources: + - heatapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - heat.openstack.org + resources: + - heatapis/finalizers + verbs: + - patch + - update +- apiGroups: + - heat.openstack.org + resources: + - heatapis/status + verbs: + - get + - patch + - update +- apiGroups: + - heat.openstack.org + resources: + - heatcfnapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - heat.openstack.org + resources: + - heatcfnapis/finalizers + verbs: + - patch + - update +- apiGroups: + - heat.openstack.org + resources: + - heatcfnapis/status + verbs: + - get + - patch + - update +- apiGroups: + - heat.openstack.org + resources: + - heatengines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - heat.openstack.org + resources: + - heatengines/finalizers + verbs: + - patch + - update +- apiGroups: + - heat.openstack.org + resources: + - heatengines/status + verbs: + - get + - patch + - update +- apiGroups: + - heat.openstack.org + resources: + - heats + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - heat.openstack.org + resources: + - heats/finalizers + verbs: + - patch + - update +- apiGroups: + - heat.openstack.org + resources: + - heats/status + verbs: + - get + - patch + - update +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: heat-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: heat-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: heat-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: heat-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: heat-operator-manager-role +subjects: +- kind: ServiceAccount + name: heat-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: heat-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: heat-operator-proxy-role +subjects: +- kind: ServiceAccount + name: heat-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: heat-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: heat-operator diff --git a/bindata/rbac/horizon-operator-rbac.yaml b/bindata/rbac/horizon-operator-rbac.yaml new file mode 100644 index 000000000..709be2a9a --- /dev/null +++ b/bindata/rbac/horizon-operator-rbac.yaml @@ -0,0 +1,280 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: horizon-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: horizon-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: horizon-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - horizon.openstack.org + resources: + - horizons + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - horizon.openstack.org + resources: + - horizons/finalizers + verbs: + - patch + - update +- apiGroups: + - horizon.openstack.org + resources: + - horizons/status + verbs: + - get + - patch + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - get + - list + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: horizon-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: horizon-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: horizon-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: horizon-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: horizon-operator-manager-role +subjects: +- kind: ServiceAccount + name: horizon-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: horizon-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: horizon-operator-proxy-role +subjects: +- kind: ServiceAccount + name: horizon-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: horizon-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: horizon-operator diff --git a/bindata/rbac/infra-operator-rbac.yaml b/bindata/rbac/infra-operator-rbac.yaml new file mode 100644 index 000000000..e72548490 --- /dev/null +++ b/bindata/rbac/infra-operator-rbac.yaml @@ -0,0 +1,551 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: infra-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: infra-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: infra-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - frrk8s.metallb.io + resources: + - frrconfigurations + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - instanceha.openstack.org + resources: + - instancehas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - instanceha.openstack.org + resources: + - instancehas/finalizers + verbs: + - patch + - update +- apiGroups: + - instanceha.openstack.org + resources: + - instancehas/status + verbs: + - get + - patch + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds/finalizers + verbs: + - patch + - update +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds/status + verbs: + - get + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - bgpconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - bgpconfigurations/finalizers + verbs: + - update +- apiGroups: + - network.openstack.org + resources: + - bgpconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - dnsdata + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsdata/finalizers + verbs: + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - dnsdata/status + verbs: + - get + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - dnsdatas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsmasqs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsmasqs/finalizers + verbs: + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - dnsmasqs/status + verbs: + - get + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - ipsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - ipsets/finalizers + verbs: + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - ipsets/status + verbs: + - get + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - netconfigs + verbs: + - get + - list + - watch +- apiGroups: + - network.openstack.org + resources: + - reservations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - reservations/finalizers + verbs: + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - services/finalizers + verbs: + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters + verbs: + - get + - list + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls/finalizers + verbs: + - update +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - redis.openstack.org + resources: + - redises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - redis.openstack.org + resources: + - redises/finalizers + verbs: + - update +- apiGroups: + - redis.openstack.org + resources: + - redises/status + verbs: + - get + - patch + - update +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: infra-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: infra-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: infra-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: infra-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: infra-operator-manager-role +subjects: +- kind: ServiceAccount + name: infra-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: infra-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: infra-operator-proxy-role +subjects: +- kind: ServiceAccount + name: infra-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: infra-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: infra-operator diff --git a/bindata/rbac/ironic-operator-rbac.yaml b/bindata/rbac/ironic-operator-rbac.yaml new file mode 100644 index 000000000..2882763e2 --- /dev/null +++ b/bindata/rbac/ironic-operator-rbac.yaml @@ -0,0 +1,502 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ironic-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ironic-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: ironic-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ironic.openstack.org + resources: + - ironicapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ironic.openstack.org + resources: + - ironicapis/finalizers + verbs: + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironicapis/status + verbs: + - get + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironicconductors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ironic.openstack.org + resources: + - ironicconductors/finalizers + verbs: + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironicconductors/status + verbs: + - get + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironicinspectors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ironic.openstack.org + resources: + - ironicinspectors/finalizers + verbs: + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironicinspectors/status + verbs: + - get + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironicneutronagents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ironic.openstack.org + resources: + - ironicneutronagents/finalizers + verbs: + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironicneutronagents/status + verbs: + - get + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ironic.openstack.org + resources: + - ironics/finalizers + verbs: + - patch + - update +- apiGroups: + - ironic.openstack.org + resources: + - ironics/status + verbs: + - get + - patch + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.openshift.io + resources: + - ingresscontrollers + verbs: + - get + - list +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ironic-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ironic-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: ironic-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ironic-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ironic-operator-manager-role +subjects: +- kind: ServiceAccount + name: ironic-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ironic-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ironic-operator-proxy-role +subjects: +- kind: ServiceAccount + name: ironic-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: ironic-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: ironic-operator diff --git a/bindata/rbac/keystone-operator-rbac.yaml b/bindata/rbac/keystone-operator-rbac.yaml new file mode 100644 index 000000000..6bc45a7fe --- /dev/null +++ b/bindata/rbac/keystone-operator-rbac.yaml @@ -0,0 +1,406 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: keystone-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: keystone-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: keystone-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis/finalizers + verbs: + - patch + - update +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis/status + verbs: + - get + - patch + - update +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints/finalizers + verbs: + - patch + - update +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices/finalizers + verbs: + - patch + - update +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices/status + verbs: + - get + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds/finalizers + verbs: + - patch + - update +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: keystone-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: keystone-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: keystone-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: keystone-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: keystone-operator-manager-role +subjects: +- kind: ServiceAccount + name: keystone-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: keystone-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: keystone-operator-proxy-role +subjects: +- kind: ServiceAccount + name: keystone-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: keystone-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: keystone-operator diff --git a/bindata/rbac/manila-operator-rbac.yaml b/bindata/rbac/manila-operator-rbac.yaml new file mode 100644 index 000000000..0dbfa745a --- /dev/null +++ b/bindata/rbac/manila-operator-rbac.yaml @@ -0,0 +1,459 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manila-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manila-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manila-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - manila.openstack.org + resources: + - manilaapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - manila.openstack.org + resources: + - manilaapis/finalizers + verbs: + - patch + - update +- apiGroups: + - manila.openstack.org + resources: + - manilaapis/status + verbs: + - get + - patch + - update +- apiGroups: + - manila.openstack.org + resources: + - manilas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - manila.openstack.org + resources: + - manilas/finalizers + verbs: + - patch + - update +- apiGroups: + - manila.openstack.org + resources: + - manilas/status + verbs: + - get + - patch + - update +- apiGroups: + - manila.openstack.org + resources: + - manilaschedulers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - manila.openstack.org + resources: + - manilaschedulers/finalizers + verbs: + - patch + - update +- apiGroups: + - manila.openstack.org + resources: + - manilaschedulers/status + verbs: + - get + - patch + - update +- apiGroups: + - manila.openstack.org + resources: + - manilashares + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - manila.openstack.org + resources: + - manilashares/finalizers + verbs: + - patch + - update +- apiGroups: + - manila.openstack.org + resources: + - manilashares/status + verbs: + - get + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases/finalizers + verbs: + - patch + - update +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manila-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manila-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: manila-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manila-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manila-operator-manager-role +subjects: +- kind: ServiceAccount + name: manila-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manila-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manila-operator-proxy-role +subjects: +- kind: ServiceAccount + name: manila-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: manila-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: manila-operator diff --git a/bindata/rbac/mariadb-operator-rbac.yaml b/bindata/rbac/mariadb-operator-rbac.yaml new file mode 100644 index 000000000..22f8e95df --- /dev/null +++ b/bindata/rbac/mariadb-operator-rbac.yaml @@ -0,0 +1,365 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mariadb-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: mariadb-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: mariadb-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - galeras + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - galeras/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - galeras/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/status + verbs: + - get + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: mariadb-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: mariadb-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: mariadb-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: mariadb-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mariadb-operator-manager-role +subjects: +- kind: ServiceAccount + name: mariadb-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: mariadb-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mariadb-operator-proxy-role +subjects: +- kind: ServiceAccount + name: mariadb-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: mariadb-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: mariadb-operator diff --git a/bindata/rbac/neutron-operator-rbac.yaml b/bindata/rbac/neutron-operator-rbac.yaml new file mode 100644 index 000000000..775bfb8ae --- /dev/null +++ b/bindata/rbac/neutron-operator-rbac.yaml @@ -0,0 +1,354 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: neutron-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: neutron-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: neutron-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - neutron.openstack.org + resources: + - neutronapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - neutron.openstack.org + resources: + - neutronapis/finalizers + verbs: + - patch + - update +- apiGroups: + - neutron.openstack.org + resources: + - neutronapis/status + verbs: + - get + - patch + - update +- apiGroups: + - ovn.openstack.org + resources: + - ovndbclusters + verbs: + - get + - list + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: neutron-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: neutron-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: neutron-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: neutron-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: neutron-operator-manager-role +subjects: +- kind: ServiceAccount + name: neutron-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: neutron-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: neutron-operator-proxy-role +subjects: +- kind: ServiceAccount + name: neutron-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: neutron-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: neutron-operator diff --git a/bindata/rbac/nova-operator-rbac.yaml b/bindata/rbac/nova-operator-rbac.yaml new file mode 100644 index 000000000..f8236d207 --- /dev/null +++ b/bindata/rbac/nova-operator-rbac.yaml @@ -0,0 +1,575 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nova-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: nova-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: nova-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases/finalizers + verbs: + - patch + - update +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - nova + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - nova/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - nova/status + verbs: + - get + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novaapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - novaapis/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novaapis/status + verbs: + - get + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novacells + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - novacells/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novacells/status + verbs: + - get + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novacomputes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - novacomputes/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novacomputes/status + verbs: + - get + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novaconductors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - novaconductors/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novaconductors/status + verbs: + - get + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novametadata + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - novametadata/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novametadata/status + verbs: + - get + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novanovncproxies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - novanovncproxies/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novanovncproxies/status + verbs: + - get + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novaschedulers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - novaschedulers/finalizers + verbs: + - patch + - update +- apiGroups: + - nova.openstack.org + resources: + - novaschedulers/status + verbs: + - get + - patch + - update +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: nova-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nova-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: nova-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: nova-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nova-operator-manager-role +subjects: +- kind: ServiceAccount + name: nova-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: nova-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nova-operator-proxy-role +subjects: +- kind: ServiceAccount + name: nova-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: nova-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: nova-operator diff --git a/bindata/rbac/octavia-operator-rbac.yaml b/bindata/rbac/octavia-operator-rbac.yaml new file mode 100644 index 000000000..76e15796f --- /dev/null +++ b/bindata/rbac/octavia-operator-rbac.yaml @@ -0,0 +1,479 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: octavia-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: octavia-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: octavia-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases/finalizers + verbs: + - patch + - update +- apiGroups: + - octavia.openstack.org + resources: + - octaviaamphoracontrollers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - octavia.openstack.org + resources: + - octaviaamphoracontrollers/finalizers + verbs: + - patch + - update +- apiGroups: + - octavia.openstack.org + resources: + - octaviaamphoracontrollers/status + verbs: + - get + - patch + - update +- apiGroups: + - octavia.openstack.org + resources: + - octaviaapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - octavia.openstack.org + resources: + - octaviaapis/finalizers + verbs: + - patch + - update +- apiGroups: + - octavia.openstack.org + resources: + - octaviaapis/status + verbs: + - get + - patch + - update +- apiGroups: + - octavia.openstack.org + resources: + - octaviarsyslogs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - octavia.openstack.org + resources: + - octaviarsyslogs/finalizers + verbs: + - update +- apiGroups: + - octavia.openstack.org + resources: + - octaviarsyslogs/status + verbs: + - get + - patch + - update +- apiGroups: + - octavia.openstack.org + resources: + - octavias + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - octavia.openstack.org + resources: + - octavias/finalizers + verbs: + - patch + - update +- apiGroups: + - octavia.openstack.org + resources: + - octavias/status + verbs: + - get + - patch + - update +- apiGroups: + - ovn.openstack.org + resources: + - ovndbclusters + verbs: + - get + - list + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - hostmount-anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: octavia-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: octavia-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: octavia-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: octavia-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: octavia-operator-manager-role +subjects: +- kind: ServiceAccount + name: octavia-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: octavia-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: octavia-operator-proxy-role +subjects: +- kind: ServiceAccount + name: octavia-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: octavia-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: octavia-operator diff --git a/bindata/rbac/openstack-baremetal-operator-rbac.yaml b/bindata/rbac/openstack-baremetal-operator-rbac.yaml new file mode 100644 index 000000000..59b9f86c2 --- /dev/null +++ b/bindata/rbac/openstack-baremetal-operator-rbac.yaml @@ -0,0 +1,361 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: openstack-baremetal-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: openstack-baremetal-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: openstack-baremetal-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - baremetal.openstack.org + resources: + - openstackbaremetalsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - baremetal.openstack.org + resources: + - openstackbaremetalsets/finalizers + verbs: + - patch + - update +- apiGroups: + - baremetal.openstack.org + resources: + - openstackbaremetalsets/status + verbs: + - get + - patch + - update +- apiGroups: + - baremetal.openstack.org + resources: + - openstackprovisionservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - baremetal.openstack.org + resources: + - openstackprovisionservers/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - baremetal.openstack.org + resources: + - openstackprovisionservers/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - volumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - baremetalhosts + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - baremetalhosts/status + verbs: + - get +- apiGroups: + - metal3.io + resources: + - provisionings + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: openstack-baremetal-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: openstack-baremetal-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: openstack-baremetal-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: openstack-baremetal-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openstack-baremetal-operator-manager-role +subjects: +- kind: ServiceAccount + name: openstack-baremetal-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: openstack-baremetal-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openstack-baremetal-operator-proxy-role +subjects: +- kind: ServiceAccount + name: openstack-baremetal-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: openstack-baremetal-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: openstack-baremetal-operator diff --git a/bindata/rbac/ovn-operator-rbac.yaml b/bindata/rbac/ovn-operator-rbac.yaml new file mode 100644 index 000000000..22748d6f2 --- /dev/null +++ b/bindata/rbac/ovn-operator-rbac.yaml @@ -0,0 +1,386 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ovn-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ovn-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: ovn-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsdata + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovncontroller + verbs: + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovncontrollers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovncontrollers/finalizers + verbs: + - patch + - update +- apiGroups: + - ovn.openstack.org + resources: + - ovncontrollers/status + verbs: + - get + - patch + - update +- apiGroups: + - ovn.openstack.org + resources: + - ovndbclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovndbclusters/finalizers + verbs: + - patch + - update +- apiGroups: + - ovn.openstack.org + resources: + - ovndbclusters/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovnnorthds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovnnorthds/finalizers + verbs: + - patch + - update +- apiGroups: + - ovn.openstack.org + resources: + - ovnnorthds/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - security.openshift.io + resourceNames: + - restricted-v2 + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ovn-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ovn-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: ovn-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ovn-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ovn-operator-manager-role +subjects: +- kind: ServiceAccount + name: ovn-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ovn-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ovn-operator-proxy-role +subjects: +- kind: ServiceAccount + name: ovn-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: ovn-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: ovn-operator diff --git a/bindata/rbac/placement-operator-rbac.yaml b/bindata/rbac/placement-operator-rbac.yaml new file mode 100644 index 000000000..9d188ff70 --- /dev/null +++ b/bindata/rbac/placement-operator-rbac.yaml @@ -0,0 +1,345 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: placement-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: placement-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: placement-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases/finalizers + verbs: + - patch + - update +- apiGroups: + - placement.openstack.org + resources: + - placementapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - placement.openstack.org + resources: + - placementapis/finalizers + verbs: + - patch + - update +- apiGroups: + - placement.openstack.org + resources: + - placementapis/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: placement-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: placement-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: placement-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: placement-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: placement-operator-manager-role +subjects: +- kind: ServiceAccount + name: placement-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: placement-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: placement-operator-proxy-role +subjects: +- kind: ServiceAccount + name: placement-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: placement-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: placement-operator diff --git a/bindata/rbac/rabbitmq-cluster-operator-rbac.yaml b/bindata/rbac/rabbitmq-cluster-operator-rbac.yaml new file mode 100644 index 000000000..7295ab732 --- /dev/null +++ b/bindata/rbac/rabbitmq-cluster-operator-rbac.yaml @@ -0,0 +1,230 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rabbitmq-cluster-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rabbitmq-cluster-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: rabbitmq-cluster-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters/finalizers + verbs: + - update +- apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters/status + verbs: + - get + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rabbitmq-cluster-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rabbitmq-cluster-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: rabbitmq-cluster-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rabbitmq-cluster-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rabbitmq-cluster-operator-manager-role +subjects: +- kind: ServiceAccount + name: rabbitmq-cluster-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rabbitmq-cluster-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rabbitmq-cluster-operator-proxy-role +subjects: +- kind: ServiceAccount + name: rabbitmq-cluster-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: rabbitmq-cluster-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: rabbitmq-cluster-operator diff --git a/bindata/rbac/rbac.yaml b/bindata/rbac/rbac.yaml new file mode 100644 index 000000000..45bf2feb0 --- /dev/null +++ b/bindata/rbac/rbac.yaml @@ -0,0 +1,956 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: openstack-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: openstack-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: openstack-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - imagestreamimages + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - imagestreammappings + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - imagestreams + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - imagestreams/layers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - imagestreamtags + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - imagetags + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - projects + verbs: + - get +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - baremetal.openstack.org + resources: + - openstackbaremetalsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - baremetal.openstack.org + resources: + - openstackbaremetalsets/finalizers + verbs: + - patch + - update +- apiGroups: + - baremetal.openstack.org + resources: + - openstackbaremetalsets/status + verbs: + - get +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cinder.openstack.org + resources: + - cinders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - client.openstack.org + resources: + - openstackclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - client.openstack.org + resources: + - openstackclients/finalizers + verbs: + - update +- apiGroups: + - client.openstack.org + resources: + - openstackclients/status + verbs: + - get + - patch + - update +- apiGroups: + - config.openshift.io + resources: + - networks + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - core.openstack.org + resources: + - openstackcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - core.openstack.org + resources: + - openstackcontrolplanes/finalizers + verbs: + - patch + - update +- apiGroups: + - core.openstack.org + resources: + - openstackcontrolplanes/status + verbs: + - get + - patch + - update +- apiGroups: + - core.openstack.org + resources: + - openstackversions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - core.openstack.org + resources: + - openstackversions/finalizers + verbs: + - patch + - update +- apiGroups: + - core.openstack.org + resources: + - openstackversions/status + verbs: + - get + - patch + - update +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplanedeployments + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplanedeployments/finalizers + verbs: + - patch + - update +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplanedeployments/status + verbs: + - get + - patch + - update +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplanenodesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplanenodesets/finalizers + verbs: + - patch + - update +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplanenodesets/status + verbs: + - get + - patch + - update +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplaneservices + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - dataplane.openstack.org + resources: + - openstackdataplaneservices/finalizers + verbs: + - patch + - update +- apiGroups: + - designate.openstack.org + resources: + - designates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - glance.openstack.org + resources: + - glances + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - heat.openstack.org + resources: + - heats + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - horizon.openstack.org + resources: + - horizons + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - image.openshift.io + resources: + - imagestreamimages + verbs: + - get + - list + - watch +- apiGroups: + - image.openshift.io + resources: + - imagestreammappings + verbs: + - get + - list + - watch +- apiGroups: + - image.openshift.io + resources: + - imagestreams + verbs: + - get + - list + - watch +- apiGroups: + - image.openshift.io + resources: + - imagestreams/layers + verbs: + - get +- apiGroups: + - image.openshift.io + resources: + - imagestreamtags + verbs: + - get + - list + - watch +- apiGroups: + - image.openshift.io + resources: + - imagetags + verbs: + - get + - list + - watch +- apiGroups: + - ironic.openstack.org + resources: + - ironics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - machineconfiguration.openshift.io + resources: + - machineconfigs + verbs: + - get + - list + - watch +- apiGroups: + - manila.openstack.org + resources: + - manilas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - galeras + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsdata + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsdata/finalizers + verbs: + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - dnsdata/status + verbs: + - get +- apiGroups: + - network.openstack.org + resources: + - dnsmasqs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsmasqs/status + verbs: + - get +- apiGroups: + - network.openstack.org + resources: + - ipsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openstack.org + resources: + - ipsets/finalizers + verbs: + - patch + - update +- apiGroups: + - network.openstack.org + resources: + - ipsets/status + verbs: + - get +- apiGroups: + - network.openstack.org + resources: + - netconfigs + verbs: + - get + - list + - watch +- apiGroups: + - neutron.openstack.org + resources: + - neutronapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - nova.openstack.org + resources: + - nova + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - octavia.openstack.org + resources: + - octavias + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.openshift.io + resources: + - imagecontentsourcepolicies + verbs: + - get + - list +- apiGroups: + - ovn.openstack.org + resources: + - ovncontrollers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovndbclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ovn.openstack.org + resources: + - ovnnorthds + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - placement.openstack.org + resources: + - placementapis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - project.openshift.io + resources: + - projects + verbs: + - get +- apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - redis.openstack.org + resources: + - redises + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - patch + - update +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - swift.openstack.org + resources: + - swifts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - telemetry.openstack.org + resources: + - metricstorages + verbs: + - get + - list + - watch +- apiGroups: + - telemetry.openstack.org + resources: + - telemetries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: openstack-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: openstack-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: openstack-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: openstack-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: openstack-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: openstack-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openstack-operator-manager-role +subjects: +- kind: ServiceAccount + name: openstack-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: openstack-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openstack-operator-proxy-role +subjects: +- kind: ServiceAccount + name: openstack-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: openstack-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: openstack diff --git a/bindata/rbac/swift-operator-rbac.yaml b/bindata/rbac/swift-operator-rbac.yaml new file mode 100644 index 000000000..4c7902e4c --- /dev/null +++ b/bindata/rbac/swift-operator-rbac.yaml @@ -0,0 +1,468 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: swift-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: swift-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: swift-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - '*' + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicanapis + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - network.openstack.org + resources: + - dnsdata + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - nonroot-v2 + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - swift.openstack.org + resources: + - swiftproxies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - swift.openstack.org + resources: + - swiftproxies/finalizers + verbs: + - patch + - update +- apiGroups: + - swift.openstack.org + resources: + - swiftproxies/status + verbs: + - get + - patch + - update +- apiGroups: + - swift.openstack.org + resources: + - swiftrings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - swift.openstack.org + resources: + - swiftrings/finalizers + verbs: + - patch + - update +- apiGroups: + - swift.openstack.org + resources: + - swiftrings/status + verbs: + - get + - patch + - update +- apiGroups: + - swift.openstack.org + resources: + - swifts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - swift.openstack.org + resources: + - swifts/finalizers + verbs: + - patch + - update +- apiGroups: + - swift.openstack.org + resources: + - swifts/status + verbs: + - get + - patch + - update +- apiGroups: + - swift.openstack.org + resources: + - swiftstorages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - swift.openstack.org + resources: + - swiftstorages/finalizers + verbs: + - patch + - update +- apiGroups: + - swift.openstack.org + resources: + - swiftstorages/status + verbs: + - get + - patch + - update +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: swift-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: swift-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: swift-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: swift-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: swift-operator-manager-role +subjects: +- kind: ServiceAccount + name: swift-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: swift-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: swift-operator-proxy-role +subjects: +- kind: ServiceAccount + name: swift-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: swift-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: swift-operator diff --git a/bindata/rbac/telemetry-operator-rbac.yaml b/bindata/rbac/telemetry-operator-rbac.yaml new file mode 100644 index 000000000..e59d55d31 --- /dev/null +++ b/bindata/rbac/telemetry-operator-rbac.yaml @@ -0,0 +1,577 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: telemetry-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: telemetry-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: telemetry-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - heat.openstack.org + resources: + - heats + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneapis + verbs: + - get + - list + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - keystone.openstack.org + resources: + - keystoneservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - galeras + verbs: + - get + - list + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbaccounts/finalizers + verbs: + - patch + - update +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mariadb.openstack.org + resources: + - mariadbdatabases/finalizers + verbs: + - patch + - update +- apiGroups: + - memcached.openstack.org + resources: + - memcacheds + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.rhobs + resources: + - alertmanagers + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.rhobs + resources: + - monitoringstacks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.rhobs + resources: + - prometheuses + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.rhobs + resources: + - prometheusrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.rhobs + resources: + - scrapeconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.rhobs + resources: + - servicemonitors + verbs: + - delete + - get + - list +- apiGroups: + - network.openstack.org + resources: + - ipsets + verbs: + - get + - list + - watch +- apiGroups: + - observability.openshift.io + resources: + - uiplugins + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters + verbs: + - get + - list + - watch +- apiGroups: + - rabbitmq.openstack.org + resources: + - transporturls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - telemetry.openstack.org + resources: + - autoscalings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - telemetry.openstack.org + resources: + - autoscalings/finalizers + verbs: + - delete + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - autoscalings/status + verbs: + - get + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - ceilometers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - telemetry.openstack.org + resources: + - ceilometers/finalizers + verbs: + - delete + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - ceilometers/status + verbs: + - get + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - loggings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - telemetry.openstack.org + resources: + - loggings/finalizers + verbs: + - delete + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - loggings/status + verbs: + - get + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - metricstorages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - telemetry.openstack.org + resources: + - metricstorages/finalizers + verbs: + - delete + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - metricstorages/status + verbs: + - get + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - telemetries + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - telemetry.openstack.org + resources: + - telemetries/finalizers + verbs: + - patch + - update +- apiGroups: + - telemetry.openstack.org + resources: + - telemetries/status + verbs: + - get + - patch + - update +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: telemetry-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: telemetry-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: telemetry-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: telemetry-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: telemetry-operator-manager-role +subjects: +- kind: ServiceAccount + name: telemetry-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: telemetry-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: telemetry-operator-proxy-role +subjects: +- kind: ServiceAccount + name: telemetry-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: telemetry-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: telemetry-operator diff --git a/bindata/rbac/test-operator-rbac.yaml b/bindata/rbac/test-operator-rbac.yaml new file mode 100644 index 000000000..c82d11bcb --- /dev/null +++ b/bindata/rbac/test-operator-rbac.yaml @@ -0,0 +1,336 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: test-operator-leader-election-role + namespace: '{{ .OperatorNamespace }}' +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: test-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - nonroot + - nonroot-v2 + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - test.openstack.org + resources: + - ansibletests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - test.openstack.org + resources: + - ansibletests/finalizers + verbs: + - patch + - update +- apiGroups: + - test.openstack.org + resources: + - ansibletests/status + verbs: + - get + - patch + - update +- apiGroups: + - test.openstack.org + resources: + - horizontests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - test.openstack.org + resources: + - horizontests/finalizers + verbs: + - patch + - update +- apiGroups: + - test.openstack.org + resources: + - horizontests/status + verbs: + - get + - patch + - update +- apiGroups: + - test.openstack.org + resources: + - tempests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - test.openstack.org + resources: + - tempests/finalizers + verbs: + - patch + - update +- apiGroups: + - test.openstack.org + resources: + - tempests/status + verbs: + - get + - patch + - update +- apiGroups: + - test.openstack.org + resources: + - tobikoes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - test.openstack.org + resources: + - tobikoes/finalizers + verbs: + - patch + - update +- apiGroups: + - test.openstack.org + resources: + - tobikoes/status + verbs: + - get + - patch + - update +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: test-operator-leader-election-rolebinding + namespace: '{{ .OperatorNamespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: test-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: test-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: test-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: test-operator-manager-role +subjects: +- kind: ServiceAccount + name: test-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: test-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: test-operator-proxy-role +subjects: +- kind: ServiceAccount + name: test-operator-controller-manager + namespace: '{{ .OperatorNamespace }}' +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: test-operator-controller-manager-metrics-service + namespace: '{{ .OperatorNamespace }}' +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: test-operator diff --git a/cmd/operator/main.go b/cmd/operator/main.go new file mode 100644 index 000000000..e10af1893 --- /dev/null +++ b/cmd/operator/main.go @@ -0,0 +1,164 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "crypto/tls" + "flag" + "os" + "strconv" + "strings" + + "go.uber.org/zap/zapcore" + + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) + // to ensure that exec-entrypoint and run can make use of them. + _ "k8s.io/client-go/plugin/pkg/client/auth" + + "sigs.k8s.io/controller-runtime/pkg/client/config" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/client-go/kubernetes" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + + operatorv1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/operator/v1beta1" + operatorcontrollers "github.com/openstack-k8s-operators/openstack-operator/controllers/operator" +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(operatorv1beta1.AddToScheme(scheme)) +} + +func main() { + var metricsAddr string + var enableLeaderElection bool + var probeAddr string + var enableHTTP2 bool + flag.BoolVar(&enableHTTP2, "enable-http2", enableHTTP2, "If HTTP/2 should be enabled for the metrics and webhook servers.") + flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + devMode, err := strconv.ParseBool(os.Getenv("DEV_MODE")) + if err != nil { + devMode = true + } + opts := zap.Options{ + Development: devMode, + TimeEncoder: zapcore.ISO8601TimeEncoder, + } + opts.BindFlags(flag.CommandLine) + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + + disableHTTP2 := func(c *tls.Config) { + if enableHTTP2 { + return + } + c.NextProtos = []string{"http/1.1"} + } + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: metricsAddr, + }, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "20ca801f.openstack.org", + WebhookServer: webhook.NewServer( + webhook.Options{ + Port: 9443, + TLSOpts: []func(config *tls.Config){disableHTTP2}, + }), + // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily + // when the Manager ends. This requires the binary to immediately end when the + // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly + // speeds up voluntary leader transitions as the new leader don't have to wait + // LeaseDuration time first. + // + // In the default scaffold provided, the program ends immediately after + // the manager stops, so would be fine to enable this option. However, + // if you are doing or is intended to do any operation such as perform cleanups + // after the manager stops then its usage might be unsafe. + // LeaderElectionReleaseOnCancel: true, + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + // Setup the context that's going to be used in controllers and for the manager. + ctx := ctrl.SetupSignalHandler() + + cfg, err := config.GetConfig() + if err != nil { + setupLog.Error(err, "") + os.Exit(1) + } + kclient, err := kubernetes.NewForConfig(cfg) + if err != nil { + setupLog.Error(err, "") + os.Exit(1) + } + + // Webhooks + checker := healthz.Ping + if strings.ToLower(os.Getenv("ENABLE_WEBHOOKS")) != "false" { + + checker = mgr.GetWebhookServer().StartedChecker() + } + + if err = (&operatorcontrollers.OpenStackReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Kclient: kclient, + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "OpenStack") + os.Exit(1) + } + operatorcontrollers.SetupEnv() + + if err := mgr.AddHealthzCheck("healthz", checker); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("readyz", checker); err != nil { + setupLog.Error(err, "unable to set up ready check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctx); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/config/crd/bases/operator.openstack.org_openstacks.yaml b/config/crd/bases/operator.openstack.org_openstacks.yaml new file mode 100644 index 000000000..ca4161ede --- /dev/null +++ b/config/crd/bases/operator.openstack.org_openstacks.yaml @@ -0,0 +1,71 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: openstacks.operator.openstack.org +spec: + group: operator.openstack.org + names: + kind: OpenStack + listKind: OpenStackList + plural: openstacks + singular: openstack + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.deployedOperatorCount + name: Deployed Operator Count + type: integer + - description: Status + jsonPath: .status.conditions[0].status + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + deployedOperatorCount: + type: integer + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index d4049952f..a55279ade 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -8,6 +8,7 @@ resources: - bases/dataplane.openstack.org_openstackdataplanenodesets.yaml - bases/dataplane.openstack.org_openstackdataplaneservices.yaml - bases/dataplane.openstack.org_openstackdataplanedeployments.yaml +#- bases/operator.openstack.org_openstacks.yaml #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -16,13 +17,15 @@ patchesStrategicMerge: #- patches/webhook_in_core_openstackcontrolplanes.yaml #- patches/webhook_in_openstackclients.yaml #- patches/webhook_in_openstackversions.yaml +#- patches/webhook_in_openstacks.yaml #+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD -- patches/cainjection_in_core_openstackcontrolplanes.yaml +#- patches/cainjection_in_core_openstackcontrolplanes.yaml #- patches/cainjection_in_openstackclients.yaml #- patches/cainjection_in_openstackversions.yaml +#- patches/cainjection_in_openstacks.yaml #+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/crd/patches/cainjection_in_operator_openstacks.yaml b/config/crd/patches/cainjection_in_operator_openstacks.yaml new file mode 100644 index 000000000..fb7dae09d --- /dev/null +++ b/config/crd/patches/cainjection_in_operator_openstacks.yaml @@ -0,0 +1,7 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: openstacks.operator.openstack.org diff --git a/config/crd/patches/webhook_in_operator_openstacks.yaml b/config/crd/patches/webhook_in_operator_openstacks.yaml new file mode 100644 index 000000000..a8820aec2 --- /dev/null +++ b/config/crd/patches/webhook_in_operator_openstacks.yaml @@ -0,0 +1,16 @@ +# The following patch enables a conversion webhook for the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstacks.operator.openstack.org +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + conversionReviewVersions: + - v1 diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index ff3b2d7e4..1b9631f48 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,5 +1,5 @@ # Adds namespace to all resources. -namespace: openstack-operator-system +namespace: '{{ .OperatorNamespace }}' # Value of this field is prepended to the # names of all resources, e.g. a deployment named @@ -12,9 +12,9 @@ namePrefix: openstack-operator- #commonLabels: # someName: someValue -bases: -- ../crd -- ../rbac +resources: +#- ../crd +#- ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml @@ -49,29 +49,29 @@ patchesStrategicMerge: # the following config is for teaching kustomize how to do var substitution vars: # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service +- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR + objref: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldref: + fieldpath: metadata.namespace +- name: CERTIFICATE_NAME + objref: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml +- name: SERVICE_NAMESPACE # namespace of the service + objref: + kind: Service + version: v1 + name: webhook-service + fieldref: + fieldpath: metadata.namespace +- name: SERVICE_NAME + objref: + kind: Service + version: v1 + name: webhook-service diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml index 81e80999d..6596b12de 100644 --- a/config/default/webhookcainjection_patch.yaml +++ b/config/default/webhookcainjection_patch.yaml @@ -14,3 +14,17 @@ metadata: name: validating-webhook-configuration annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/name: mutatingingwebhookconfiguration + app.kubernetes.io/instance: mutating-webhook-configuration + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/part-of: openstack-operator + app.kubernetes.io/managed-by: kustomize + name: mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 9fa78d2b9..72b8cb5f6 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -8,9 +8,3 @@ configMapGenerator: - files: - controller_manager_config.yaml name: manager-config -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller - newName: quay.io/openstack-k8s-operators/openstack-operator - newTag: latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index b5f05ac15..a1a79561a 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -43,8 +43,8 @@ spec: - --leader-elect env: - name: OPENSTACK_RELEASE_VERSION - value: 0.0.1 - image: controller:latest + value: '{{ .OpenstackReleaseVersion }}' + image: '{{ .OperatorImage }}' name: manager securityContext: allowPrivilegeEscalation: false @@ -73,5 +73,5 @@ spec: requests: cpu: 10m memory: 128Mi - serviceAccountName: controller-manager + serviceAccountName: openstack-operator-controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml index e0181c04e..9caa2969a 100644 --- a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml @@ -609,6 +609,17 @@ spec: x-descriptors: - urn:alm:descriptor:io.kubernetes.conditions version: v1beta1 + - description: OpenStack is the Schema for the openstacks API + displayName: Open Stack + kind: OpenStack + name: openstacks.operator.openstack.org + statusDescriptors: + - description: Conditions + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1beta1 - description: OpenStackVersion is the Schema for the openstackversionupdates API displayName: OpenStack Version diff --git a/config/operator/delete_crd.yaml b/config/operator/delete_crd.yaml new file mode 100644 index 000000000..a7299553b --- /dev/null +++ b/config/operator/delete_crd.yaml @@ -0,0 +1,35 @@ +$patch: delete +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackcontrolplanes.core.openstack.org +--- +$patch: delete +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackversions.core.openstack.org +--- +$patch: delete +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackclients.client.openstack.org +--- +$patch: delete +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackdataplanenodesets.dataplane.openstack.org +--- +$patch: delete +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackdataplaneservices.dataplane.openstack.org +--- +$patch: delete +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: openstackdataplanedeployments.dataplane.openstack.org diff --git a/config/operator/deployment/controller_operator_config.yaml b/config/operator/deployment/controller_operator_config.yaml new file mode 100644 index 000000000..c4e68c29d --- /dev/null +++ b/config/operator/deployment/controller_operator_config.yaml @@ -0,0 +1,11 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :8081 +metrics: + bindAddress: 127.0.0.1:8080 +webhook: + port: 9443 +leaderElection: + leaderElect: true + resourceName: 20ca801f.openstack.org diff --git a/config/operator/deployment/deployment.yaml b/config/operator/deployment/deployment.yaml new file mode 100644 index 000000000..781933ea1 --- /dev/null +++ b/config/operator/deployment/deployment.yaml @@ -0,0 +1,81 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-operator + openstack.org/operator-name: openstack + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-operator + namespace: system + labels: + control-plane: controller-operator + openstack.org/operator-name: openstack-controller +spec: + selector: + matchLabels: + openstack.org/operator-name: openstack-controller + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: operator + labels: + control-plane: controller-operator + openstack.org/operator-name: openstack-controller + spec: + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + containers: + - command: + - /operator + args: + - --leader-elect + env: + - name: OPENSTACK_RELEASE_VERSION + value: 0.0.1 + - name: ENABLE_WEBHOOKS + value: false + - name: OPERATOR_IMAGE_URL + value: quay.io/openstack-k8s-operators/openstack-operator:latest + image: controller:latest + name: operator + securityContext: + allowPrivilegeEscalation: false + # TODO(user): uncomment for common cases that do not require escalating privileges + # capabilities: + # drop: + # - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + serviceAccountName: controller-operator + terminationGracePeriodSeconds: 10 diff --git a/config/operator/deployment/kustomization.yaml b/config/operator/deployment/kustomization.yaml new file mode 100644 index 000000000..6ca4c7dc7 --- /dev/null +++ b/config/operator/deployment/kustomization.yaml @@ -0,0 +1,16 @@ +resources: +- deployment.yaml + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- files: + - controller_operator_config.yaml + name: operator-config +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: quay.io/openstack-k8s-operators/openstack-operator + newTag: latest diff --git a/config/operator/kustomization.yaml b/config/operator/kustomization.yaml new file mode 100644 index 000000000..437691031 --- /dev/null +++ b/config/operator/kustomization.yaml @@ -0,0 +1,16 @@ +resources: +- ../crd/bases/operator.openstack.org_openstacks.yaml + +bases: +#- ../crd/ +- manifests +- rbac +- deployment +- ../certmanager/ +- ../samples/ + +patchesStrategicMerge: +#- delete_crd.yaml + +# Injects our custom images (ENV variable settings) +- manager_operator_images.yaml diff --git a/config/operator/manager_operator_images.yaml b/config/operator/manager_operator_images.yaml new file mode 100644 index 000000000..e5096a655 --- /dev/null +++ b/config/operator/manager_operator_images.yaml @@ -0,0 +1,57 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! +# +# This patch inject custom ENV settings to the manager container +# Used to set our operator locations +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-operator + namespace: system +spec: + template: + spec: + containers: + - name: operator + env: + - name: RELATED_IMAGE_BARBICAN_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/barbican-operator@sha256:3e35386664233c7e37f7e3065c728e42da558a9e58c1b9860a1c4a1a34775729 + - name: RELATED_IMAGE_CINDER_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/cinder-operator@sha256:b25b8c1d3f786804bd1f0e6e676d5630dc5403ab833a0a76de53068065dbdfbe + - name: RELATED_IMAGE_DESIGNATE_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/designate-operator@sha256:2c5a9a05c99bcbf8bc72dd75d77dfcac294123aa3250b0ad38ec4972329eb874 + - name: RELATED_IMAGE_GLANCE_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/glance-operator@sha256:4a5a408fc7bdc93e2859ac7d072a0030f3cb7936601d4be53f438d1adaee9a34 + - name: RELATED_IMAGE_HEAT_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/heat-operator@sha256:1eddff80590df03b6a64e94c685f6e2a212a6f34a67beb7d2b324fdeb853c12c + - name: RELATED_IMAGE_HORIZON_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/horizon-operator@sha256:3212104187d96591c869163da17f9ed364bacada0f304f4353b9700d748d1bae + - name: RELATED_IMAGE_INFRA_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/infra-operator@sha256:237e3a17851c33b083d3c673c19e9fabaa728d6de42eb4fe028011da4fa33d04 + - name: RELATED_IMAGE_IRONIC_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/ironic-operator@sha256:2d12ec471465e831cf5b78546e69a6e5a037bf54fc9752740470d39a432599d9 + - name: RELATED_IMAGE_KEYSTONE_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/keystone-operator@sha256:c918c6288793363a0a7bc8564f4d75c05ab5a3f88e140285e88cf25b24073d8b + - name: RELATED_IMAGE_MANILA_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/manila-operator@sha256:d81e9204e74f797cf15fb531b9dc44a9c23d1d30621c9860faa08ae9ebccc032 + - name: RELATED_IMAGE_MARIADB_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/mariadb-operator@sha256:14e75a8608b568f0169ff698ebe2a70b2a429ac076b8603591455529a164b27b + - name: RELATED_IMAGE_NEUTRON_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/neutron-operator@sha256:ba53ca6f9541a55f4a71c61d71123546a619f4787fc25ed91b00bc37fe55ac93 + - name: RELATED_IMAGE_NOVA_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/nova-operator@sha256:9a1d7f3a928a16b0b8907ef92ab47dbeccff0e5860bed94f345c2393de3712d3 + - name: RELATED_IMAGE_OCTAVIA_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/octavia-operator@sha256:7c594519b01f17c973bc96fea13d183c6ea650830570d5f7695a73148bcc65e7 + - name: RELATED_IMAGE_OPENSTACK_BAREMETAL_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:fba9276ef4c3fbf4671be6ea13586b3149cc08159fb353222c0bfbbe91d81a7c + - name: RELATED_IMAGE_OVN_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/ovn-operator@sha256:eb3ceac834eaaa8c295e050615ba1c1bf9ac22b34bcc252b1f07799a906a2195 + - name: RELATED_IMAGE_PLACEMENT_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/placement-operator@sha256:a8b90df9f7e511c52c13e729a69981018b9c5f559bc01870aaa9c0cb75370a19 + - name: RELATED_IMAGE_RABBITMQ_CLUSTER_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/rabbitmq-cluster-operator@sha256:225524223bf2a7f3a4ce95958fc9ca6fdab02745fb70374e8ff5bf1ddaceda4b + - name: RELATED_IMAGE_SWIFT_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/swift-operator@sha256:bccf1bdbcb83cc96debdfdedb6ebde14081f88a37b2c894573c511e856d13ce1 + - name: RELATED_IMAGE_TELEMETRY_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/telemetry-operator@sha256:bb317539cb234c97160ec359ac761351377468b83f39079c85dc7a977fb1524e + - name: RELATED_IMAGE_TEST_OPERATOR_MANAGER_IMAGE_URL + value: quay.io/openstack-k8s-operators/test-operator@sha256:6098d9a34ec7f065c0039b132f5daedf5fc7e142f9114e46bb2b9778000fbf23 diff --git a/config/operator/managers.yaml b/config/operator/managers.yaml new file mode 100644 index 000000000..cb8f3bc5d --- /dev/null +++ b/config/operator/managers.yaml @@ -0,0 +1,99 @@ +{{ $namespace := .OperatorNamespace }} +{{ range $operatorName, $operatorImage := .OperatorImages }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + openstack.org/operator-name: {{ $operatorName }} + name: {{ $operatorName }}-operator-controller-manager + namespace: {{ $namespace }} +spec: + replicas: 1 + selector: + matchLabels: + openstack.org/operator-name: {{ $operatorName }} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + openstack.org/operator-name: {{ $operatorName }} + spec: + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + env: + - name: ENABLE_WEBHOOKS +{{ if eq $operatorName "infra" }} + value: 'true' +{{ else }} + value: 'false' +{{ end }} + image: {{ $operatorImage }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false +{{ if eq $operatorName "infra" }} + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true +{{ end }} + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: {{ $operatorName }}-operator-controller-manager + terminationGracePeriodSeconds: 10 +{{ if eq $operatorName "infra" }} + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: {{ $operatorName }}-operator-webhook-server-cert +{{ end }} +--- +{{ end }} diff --git a/config/operator/manifests/bases/openstack-operator.clusterserviceversion.yaml b/config/operator/manifests/bases/openstack-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..81e91c8df --- /dev/null +++ b/config/operator/manifests/bases/openstack-operator.clusterserviceversion.yaml @@ -0,0 +1,56 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[]' + capabilities: Seamless Upgrades + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "true" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operatorframework.io/suggested-namespace: openstack-operators + operatorframework.io/initialization-resource: '{"apiVersion":"operator.openstack.org/v1beta1","kind":"OpenStack","metadata":{"name":"openstack","namespace":"openstack-operators"},"spec":{}}' + operators.operatorframework.io/builder: operator-sdk-v1.31.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + name: openstack-operator.v0.0.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: OpenStack is the Schema for the openstacks API + displayName: Open Stack + kind: OpenStack + name: openstacks.operator.openstack.org + version: v1beta1 + description: Install and configure OpenStack + displayName: OpenStack + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAYAAAAEiCAYAAADwEwVaAAAACXBIWXMAABYlAAAWJQFJUiTwAAAck0lEQVR4nO3dfYwdV33G8WeCCbaJsr7WKo4a/AalEJXIm0JBFQE7ElQICDGoav8hsqNKFbQ0MRIqElIbG6RKICTstFLVSig2RqXtH7BJGoQaUHZDKgSNyLou6gsq2XVqFKOtrzei2WAST3X2nvGO79x7986dt3PmfD+SRbKzODuzu+eZ33mN4jgWACA8m/ieI0TdKDos6aCkA5KmBjyCM5IuSZqTtGD+dOJ4MfNZgMeoABCUbhQdkWT+7J7gvpdsGJhQmOvE8ULmMwCPEAAIQjeKZiSdlLSvxPtdSsJA0mwnji9lPgNwGAEQsG4UbZM00/cELrXtzdZ29xwf0tVTpjM2ZKgO4AUCICDdKEr6vE2jv3+DO093d8z62v/djSLT8N+fuVA98/xmTSAQBnAVAdBy9i0/6fcu8gacvN16EwbdKDJf76HMhfoRBnASAdBSJTb8gzxsulQ6cTw34Frj7L3PjlHlNIEwgDMIgBayA56zE850ycM0Zkc7cXzSladoG/+5kgd7q0IYoFEEQMvYAc+Har4rJ4LAs8a/n3ddbPAfAdAi3Sg6KumBBu+osSCoseqpw3wqDJhaisoQAC3R4GyXQZZsA3a8jgbMzm46WcM0z7qtpLqInBxvgd8IgBZoqNtnHCt2/v3Jqro1HAu+KiWhWtmzRHgIAM91o8jM63/Cg7s4VeabrL3vky3p8snrYds95MzgO/xEAHjMDnouetb1UWjmi+3uOeLoFM+6raS62qgKkBsB4LFuFM153hCupFYbL9jdNxeScYPUVhV77Armgy3s5y/LvA1VqgKMjQDwlN3V8kuhPwdkUBVgbASAhzzt+kH9HrZVwSzPHoMQAB5yaI8b+GEpNRuLdQW4igDwTDeKTH/4s6E/B0wkWVdwlO4hGNdlPgLXMciHSU3ZyvFZM4HAzqhCwKgAPOLRnH/4Y237DradCBMVgF8Oh/4AULrddhX5otlLyk4wQCCoADxB3z9qdIpxgjBQAfjjaOgPALVJxglO2l1W0VJUAB5g3j8aNm8rAnYkbRkqAD+wBQKaZLYbecLOHDrAd6I9qAA80I2iBU9PuUI7URG0BAHgONsH+0zozwFOIgg8RxeQ+5j6CVclXUMn7Sw1eIYKwHHdKFoM9NAT+Ifpo56hAnCYXapP4w9fmOmjCywo8wcB4Db2aoFvzGy1B2wQ0H3pOLqAHNaNoktM/4TnzEDxkUmO/0T1qAAcZbt/aPzhOzNQ/AzdQm4iANxF+Yw2SbqFWEjmELqAHGTflLqhPwe01rFOHLO3lQOoANzE4C/a7AGzup21A80jANxEAKDt9tEl1Dy6gBzDvv8I0L2dOOao0wZQAbiHt3+E5iGznQTf9foRAO5h9g9CdIgQqB9dQA6h+wfQqU4c8xJUEyoAt/CDj9AdYguJ+lABOISdP4Gr7uScgeoRAI7g4BfgGiuS9nTi+BKPpTp0AbmDshdYZ/bBOs7zqBYVgCPo/gEGoiuoQlQADuDgF2Ao9gyqEAHgBhZ/AYPtZ7uI6tAF5AAOfgFGmu/EMSFQASqAhnHwC7Ch/ewcWg0CoHnM/gE2doRnVD66gBrEwS/A2JY6cUwVUDIqgGYx+AuMZ7ddLIkSEQDNIgCA8fH7UjK6gBrCzp9Abmc6cUwVUCIqgObwNgPks8+Om6EkBEBzmP0D5Md6gBIRAA2w3T/7grtxoDgCoEQEQDPo/gEmQwCUiEHgBrDzJzC5ThxHPL5yUAHUzM5lpvEHJsTmcOUhAOrH4C9QDAFQEgKgfvT/A8UQACUhAGpE9w9QChaDlYQAqBc7GgLFTbEvUDkIgHrR/QOUg26gEhAANeHgF6BUVAAlIADqw9s/UB4qgBKwEKwmnPsLlG5vJ44XeayTowKoQTeKDtP4A6WjG6ggAqAedP8A5aMbqCC6gCrGub9AZTggpiAqgOrx9g9Ugy3VCyIAqkcAABVhY7hiCIAK2e6fu1t7g0DzCIACCIBq8fYPVIsAKIAAqBZbPwPVYhC4AAKgIvbc3/2tvDnAHWwMVwABUB26f4B60A00IQKgOnT/APWgApgQAVAB2/3DHGWgHlQAEyIAqkH3D1Cf3falCzkRABX4qfSx1t0U4Da6gSZAAJQsiqKZX5He1KqbAtxHN9AECIDyce4vUD8qgAmwG2iJot7WD4sX2fsfqF0njiOeej5UAOXi3F+gIWwMlx8BUC66f4DmEAA5EQAliXrL0dfm/v9YOt+GewI8wzhATgRAea6+/X9N2tqC+wF8QwWQE4PAJYj6jn3cJWnB5xsC/HV7J4759RsTFUA5rtn355ykb0oXPL4fwFd0A+VAAJQjM/j7GWmHp/cC+IxuoBwIgIKi3tSz3f1/C1UA0AgCIAcCoLih2z7/kbTjF9JLmQsAqrLbnsWNMRAABdjB30PD/oYVSX8gXclcAFAlqoAxEQDFDH37TzwqbX1KWs5cAFAVAmBMBEAxmcHfQe6Rpi/1CgIA1WMm0JhYBzAhO/j7xLj/79skzWc+CqAKbAw3HiqAyeU68/espPul1cwFAKVjY7jxbPLhi6yLPVYufbRc+odoW1Jarkqbd0nvOJfz6zotbXmPdPEuaXvmIoAymd/dOZ7oaEEEgJ0WlvQLJo36jG3Ut+U9wP0X0krexj9xSNr+iLR8hzSduQigLIwDjKFVAWDLvuQtPmng92c+saAHC07tNIPCT0oXd1IJAFWhC2gMXg4C266aGfsnafQzq3GrMmNX+hZhTo0hBIBKsTHcBryoAOyb/YFUg9/YqVvPSxfOlbDPj5kT+m5p+zPSyjZOEQOqMMPGvKM5GQDd3uEqB21jX3oXThFz0stl/V0mBO6Wph6XVq+XtmQ+AUARpv04yRMczpkA6EbRQdvoO32u7mPSLZkPFmCmh75X2kIIAKVjHGADjY4B+NLop+1VNUt6d/W2jWBMAChXpxPHl3img9W+EMwM4Haj6Hg3isw35Rt2MzUvGv8XpG5V+zmcs2MCz0kXMxcBTIoqYITaAqAbRYe7UWQWZjzbWxTr38DnBenFzAdLtEIIAGUjAEaoPABsw78o6SHXBnTzeqLEAeBhkhBgB1GgFCwIG6GyAOhr+Gubo98GJgQ+JE0/SiUAFOX1S2fVSg8AM7Db1ob/R9JNmQ9WyGwb8WecKAYUwsZww5UWAHZwd84O7Lbyjf/ZBqZp/qW02ewi+suKxx+AFiMAhiglALpRdMSuuKPcqoDdRXQrh8oAE2EcYIhCAWB22bRv/V/ycVaPT8yCsdulKWYIAblRAQwxcQDY7RoWeeuvz0pv3+rtX2WGEJDHlN1AEn0mCgAzw0fSM6G99b9vbSlA8+6TphkXAHKhChggdwB0o+ioneETnE0OzchJxgXOUw0A4yAABsgVAN0oMjvrPZC5EIg7Hds91YwL3MF6AWAcDAQPMPZmcGb/HruFQ7AuS6s3O7pj5z3S6hel+NXS1sxFAGJjuKyxKgDb5x9042+Y7Zp3ZT7qBtMl9JvSVmYJAUPRDdRnwwCwq+iC7PMfZL+0OuDDTjhnZwmdYL0AMAjdQH1GBoCdOjWbuRCwezwYdD0mTZm5uSwcA9b9b+/cEaSMHAOwi7yY59+nqkNhymbm6H5OWv6oNO3BlwtUrhPHEU953dAKwG7vQOM/wIcc7gZKW7FrBj5ENQCseWsUfZAnsW5gANiun6OZC1jzJ9L/+fQknrLbSDA2gNDdJv1O6M8gbWAA2MafvX2GuEWavmPwJWetpMYGWDyGUP2MgeBrZALAvv0fynwmrvHH0nM+PpGzvbegaXPOAFtJIDQvSr/KN31dJgDo+hnPe6Wdrq4JGIc5Z8CsG+DoSYTkFem1UW8jy+CpPwB4+8/nzx3ZHG5S5+zRkwwSIzAsCLP6K4DDmc/AUO+Xdvg2FjCIGSR+vR0kplsIASAALAKgoM97XgWkmUFi0y30zRbdEzAAAWBdDQB7wEsrz/Kt0q3Sjns8WRcwDtMt9FFph+kW+neCAC1zrnc7UxEHxKxJVwC8/U/oC1LUtjmzplvondKOQ9KLjA+gLc6t30fwVYD6AoAHMqHXSJtPt3Q2zaPSVjM+YKaNXm5RpYPwvCB1UzcdfHunJADM4e69jSQxKXMwy10tHkA100bfJG0xA8UEAXz0X9LPU1928AGgVAXAvNgS/I10XZuXTyeriQkC+OgHa0d6XLWbcYD1ACANS2C6gh4NYGFVOgiYMQRf/L20o+9LDf7FNwmA4JOwLG+Rph8IZNB0xc4YMr9FJgioCOAq87N5Nvu1Bf/iSwBU4H5pqs3jAf2SqaN0DcFV314bA84IPgDWDoTpRtEiawDKZRrB90pbBrx1tJ4ZBzkirXxcuv56Rw/RR1j2240QB+jEAR8Un1QANP4lMw3f30rLIe6pnR4juF9aZR0BmmQWNA5p/PVT6T+6URTsGqhBu4GiJObcgCeli6EerGBa/dPSFrOOwAQBK4vRhE9nB3+vsq/+D3Wj6FI3io7aKfHBIAAqtlPa/qB0sdU3OQYTBO+0W0w87ulZCvCPeel4asRXfXatt3aNeU97QNKiDYIgxkUJgBrcJW0/RQisMb+MvyftNDOHGDBG1T424u3f+J50Q9+HkiB4thtFJ9seBARATQiBa52z4wQ323ECuodQNvOCMazvP/EdqZP54LpDNgha2zWUzAKKM1dQCbOnjtlWgaebZU5Y+5S0/LvSa5k9hCKeky7uk7aP81eM+VZmhrSOmz+dFs0aIgAaYN54T9PAjWS22P6Y9MKtG5TwQL9fSC+9Wdo87tSzp6Wl148/E9L8tUc6cXwyc8VDdAE14IS05RPSS8HdeA7JoHEyVtC3kyMwkBlT+u0cjb96ewRtynxwuCk7a2ihG0XeLySjAmjQo9LFQ2OWqZBu603pu/Ae6Ua6iNBv0sWXpto8MfnP08O2IljMXPFAUgHM89NUPwaG8zlrt5wwA8f32OmkzCKCCq68Xyj2MnG3+SvMQHHmigeSCmDOrpZGA6gEivmApD+Unn+rNEVlEB4z4Gteps4VuPOS3sLO2GpgLnPFUUkF4M0X3Ebmh/dMwCuGi3qsFwI3UxmEx7w8vbtg42/8RFrKfDA/c6jWE90oOu7LtNEkALzsv2oTs2LYbBuxK/QHUdBjdqFZEgZ/J51nALl9zEwfc161qZzL2Gjqv8udEHO/7RZyfpA4uemFzBXUzoTAD6TV23j0pXis1zV0yx6pY/o3Pyt1fyydb8GtBc2cPfHm3uFLW8t6DgNWBBe1O6kGXP5erY0BqHcu8CU7xQkN+6X04qekiLUC1ZjqneFsuo3Ov1/aeuPo1aBwhFktbrZ2qGKLdfPz8Ejmo6UxYwOHO3Hs3It2OgBm7Yg2HPFVafk+aZrvR7V29WZArH5QWn6HdAOB4BbT8JsdPUdt6laUeSl4ttq7dnIBWToAjkj6UuYz0Kh/k5bvkqbZUL8+6UC4Tbr+ZlYjN8J09Xy+ojf+QWqaj33KBoET20mkA2BP9SGISZgDVe6WpkI8XcwFSZfRu6SlO6VNu6XtTDetxnlp+a+lG07nXM1bhpxbQhThTJfQ1QBQLwQW7FQmOIiN5NxhBupnpNXfki6+XXr5ddJNhMJkTKP/ZelVX5c6RadzFlFjAMh2CZkQmM1cqVF/ANAN5LinpOV76BJy0i4bDKZS+A3putfRfTSQmZb7fenn/yhNPyJtceVnueYASBzrxHFjq4j7A4BuIA/QJeSX22w30vukC2+ULr9BuhJSxWAWWZkN174nbZ+XtjT5lj9KQwGgJscFrgkA9UKAbSE8YXbJPMbUXa8l4fA2qXuz9IKpHLZLV7ZKm32rHkxDf1G67ofSle9Ku8/Z/Zt80WAAyI4LHKg7BAYFgDkh/6HMZ8JJZpbQR6VpV9+qUNxtqQU6SVCYf75R2mTGH9L/gbIri+elCy/arctfkTY9Yf97z0s3Pm2ny1Y5PbNODQeAbAgcrHNn0UwAiEVh3jELxz4nXccAMTA5BwJAdnD4QF0zhIbtf+H08mVc69XS1s9Km5+UltlLCJjM9FpR1Tjz4j3XjaKZOr6QYRUAg8GeohoAJuPYwRy1VAIDKwDbB3UqcwHOoxoA8nNwA8ZaKoGBAWB5ecINet4iTZtXhwd6bxIARphx8/yIykNgaABQBbTD/dLUT6SVO0J/EMAIZt+n4VcbVWkIDBwDSNhTbRaZEdQOZhXxJ5gyCmQsSl3Hd4GtZExgaAWgXhVwiRlB7XGHNP0v0ot0CwHrdvXWVLi+Bbh5CT9Z9lGTIwPAMgFQxnmZcIAZJE66he6SXuR7gtB9xJ8jQ/fZ7qDSQmDDALBVwJHMBXhtmzR1Str6z9IFxgcQsvvKPQ+4avvK7JUZ68btlqXzmQvw3q3Sjkd6p49dYNooQnOHfRny7LYPdaOolFmaIweB0+zisAUGhNvNHEP5p2w3jUCYCvhWf7fs/nDR8wTGDgBxXkAwLkurfyVdPi5NEQRoq4oPgq+D+fWcKbJ5XK4AENtFB4UgQJt5/vafONOJ44nXCEwy+HFYTCMMgtlW2MwY+k9p1Uwdpe8PbWFmwLWg8Tf2daNo4kHh3BWAODMgWFQEaAPzIvOMtOLh4O8od3bieG7E9YEmCgD1QuCkGY3OXEDrJUHwkDTFqmL45kF7iFLLvnHmnWxP3hPFigSAWYwwZ+elIlDflC58RtpBEMAHpuvHrH9p6Tfr4U4cH8x8dISJA0C9EJixIUD3cOCelp77rLSzLccDon3Mls+PS6stP4w/V1dQoQAQ4wHoc15a/oL02tPt/iWDZ6bsZoi3tK/rp99SJ473ZD46ROEl0J04NmMBJzIXECTzC3ZC2vK8nTnE6mI0zTT+T0oXA2j8jd15VgkXrgASrA/AMI9Lz/0F3UNoQNL475S2B/T8x14gVmYAMCiMkS5JKw9KVx6SOkwjRdUCbfwTpzpxfDjz0T6lBYDYLwg5mKrgK9LOx3hoqEDgjX9i70ZVQKkBIGYGIacXpO4j0itf5KQylMTM9vkn6aXXSJsDf6YbVgGlB4B6IWDmon4jcwEYwcwg+rL0KrqIMKl7pNUTzEBLG1kFVBIAYnooCjLrCk5L049IWwgDbMR0N5yWlu8IY6ZPHiOrgMoCQIQASkIYYBSzrfNX2re3T5mGVgGVHoXGGgGU4W3STlPWP9vr233OlPn8pmOqt5//8iN+nupVp2YqgAQbx6EKP5bOf03a+nWpwwByWMwiw49L17d8W4eyrHTieOBB8rUEgAgBVOx56cK3pVf9gzTNgrP2MtXfMekyb/y5DTw+srYAECGAmpjtqv9VWjbjBvPSFqoD/9HwFzZwp9BaA0CEABpg1hp8X/r5V+x2FAwk+8G09EeklXulKzdKndCfRwk6/ecF1B4AIgTQMNNdNCe9/Jh0y1lJVAhuMQu5Pi1deH87jmx0yb12Ys5VjQSAmCIKhyQVwvekG74jdc7yzamd2TX2I1L3Puk6unkqk+kGaiwARAjAYWaG0RPSy9+VdlMlVCNp9H9feiWQrZqblpkN1GgAiBCAJ8zA8pJ00YTCj6SbFqQtVAr5faD35/z7pa306zfimhPDGg8AsYEcPGbGE/5HuvxD6YqpFkylQDD0TNlVuu+Slu6UNr1x7bwgNOxYJ46vHhjjRACIEEDLmHGFZemFH0ibLkqbvmUHNNu6RmGX/fM+6cLbpcu/Jt3AG76T5jtxfCD5wpwJAHGoDALyE2nJ3K0JiBekl5+XbnzaNphnHZ2qmjTyU/atfq903RukK6+Xdmc+Ga66ZhzAqQDQegjMcrwksF5JmH9+RdpkxiDSj+VlafO3SpguuVda/XXpZ6l/X2vczT+/TrqJLRda5ermcM4FQIK1AgBQiasDwZXuBlqE3cP6Xr7/AFCqmeQvczYAtL6d9J2s3geA0lwdA3A6ANQLgTmbWGcyFwEAee1JPt/5AFAvBMyAhZm6dCpzEQCQh18BoF4IXLLjAp/MXAQA5OZNACQ6cXxc0u2MCwBAMd4FgHohsGDLmPnMRQDAWLwMAK13CZlxgWOZiwCADXkbAAm7sRFTRQEgJ+8DQOtTRU2X0MOZiwCAgVoRAFrvEjpoZwlRDQDABloTAAk7S+gAC8cAYLTWBYDsLKFOHJvVwycyFwEgbFdPBGtlACQ6cXzEDhAvZS4CQOBaHQC6di8hqgEAkBaTZ9D6AND6ADHVAACEFgAJqgEAWA8AZ08Eq1o3isxMIXPeAOeZAghGJ46j5F6DqgDSqAYABOia/dOCDQBdOzZwO+sGAARgMX2LQQdAIrVu4BiriAG02EL61giAFLux3Ax7CgFoqbn0bQU7CLyRbhSZfYWOM0gMoCVWOnG8LX0rVABDdOJ41lYDnDcAoA3m+u+BABjBDhKbbqG9nD4GwHOZAKALKAfWDgDw2N5OHDMLaFJm7UAnjvcwWwiAZ5b6G38RAJOx3UImCE75+PUDCM5s5iMEwOTs+MBhu4iM8QEALjs56GtjDKAkjA8AcNQZu9A1gwqgJKnxgXvZchqAQ44P+1KoACrQjSKz2OKI/TPVuhsE4AszWWWP6bIe9PVSAVQgtX6AGUMAmjQ7rPEXFUA9ulFkgsAEwqEQ7heAMzJz/9OoAGpgvgF2xtBepo4CqMmpUY2/qACaQUUAoAYj3/5FBdAMKgIAFdvw7V9UAG6gIgBQsg3f/kUF4AYqAgAlOjFO4y8qADdREQCY0Mh5//2oABzUVxGcYB0BgDEdGbfxFxWAH1hZDGAM8504PpDnQREAHrFBcNB2D7HpHICE6SWYGbfvP0EAeKobRaaLyPzZH/qzAKAP23PMcyEAPGe3oT7MgDEQrFN2zDA3AqAl7MyhIzYMGCcAwnBG0oE8A79pBEDLME4ABGOifv80AqDFbPeQqQruDv1ZAC10pzmIqshtEQABoHsIaJ17O3E88JzfPAiAwNjZQyYM9oX+LABPfbITx0OPecyDAAhUN4pmbBAcpCoAvDHxjJ9BCIDApQaNqQoAt5Xa+IsAQJqtCg4zVgA4p/TGXwQAhrFjBQeZQQQ0rrQ+/34EAEayM4iSLiLWFQD1KmW2zzAEAMZGFxFQG7PI62DRef4bIQAwkW4UHbSVAXsQAeUy2zsc7sTxQtXPlQBAIalZRIwXAMU9bBv/ifb2yYsAQGlSYcA21UB+lQ32DkMAoBKpwePDrC8ARqqty6cfAYDKpcLgIJUBcI1jnTg+2tQjIQBQK8YMgDWNvfWnEQBoTCoMDrAnEQJhpncerbuvfxgCAM6wU0uTMGDRGdrmlFlQWdcMn3EQAHCSXXR2gHEDtMC8bfgb7e4ZhACA82xX0YFUdxHVAXwwb7t7Kl3NWwQBAO+kqoMDDCTDQc43/AkCAN6zZx8n1QFrDtAU08d/0oeGP0EAoFVS3UUHCATUwMzqMbt1Hu/E8aJvD5wAQKsRCKiImcdvpnLOujSrJy8CAEGxgZAeQ2CGEca1ZBp8X9/2ByEAELy+QeUZZhkhZcU2+l717Y+LAAD6pLqNZlL/yyrlcCRv+nOdOJ5t810TAMAY7IZ2M4RCa82nGn3nFmxVhQAAJmRDYU8qEPYwyOwNM4g7F8Jb/igEAFAyuy4hHQ57GFdolOnHX0g1+K3ry58UAQDUxA4270lVC3voSipdurE3/7vQlhk7VSAAAAfYqkG2Ykimqm6jS2koM1C7aBv5xVRj7+2c/CYQAIAHUgGRBEMSEmppF5Ppo79kG/dF+8+mkb8U0iBt1QgAoEVsN9M2e0dJN5OG/LtqCI+kIU9bSH0sadhF414/AgAAQiTp/wGp07dbIvUIVgAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + deployments: null + strategy: "" + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - OpenStack + links: + - name: Openstack Operator + url: https://github.com/openstack-k8s-operators/ + maturity: alpha + provider: + name: Red Hat Inc. + url: https://redhat.com/ + version: 0.1.0 diff --git a/config/operator/manifests/kustomization.yaml b/config/operator/manifests/kustomization.yaml new file mode 100644 index 000000000..3e6f72b56 --- /dev/null +++ b/config/operator/manifests/kustomization.yaml @@ -0,0 +1,24 @@ +# These resources constitute the fully configured set of manifests +# used to generate the 'manifests/' directory in a bundle. +resources: +- bases/openstack-operator.clusterserviceversion.yaml + +# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. +# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. +# These patches remove the unnecessary "cert" volume and its manager container volumeMount. +#patchesJson6902: +#- target: +# group: apps +# version: v1 +# kind: Deployment +# name: controller-manager +# namespace: system +# patch: |- +# # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. +# - op: remove +# path: /spec/template/spec/containers/1/volumeMounts/0 +# # Remove the "cert" volume, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing volumes in the manager's Deployment. +# - op: remove +# path: /spec/template/spec/volumes/0 diff --git a/config/operator/rabbit.yaml b/config/operator/rabbit.yaml new file mode 100644 index 000000000..f79da0e6c --- /dev/null +++ b/config/operator/rabbit.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: rabbitmq-cluster-operator + app.kubernetes.io/part-of: rabbitmq + name: rabbitmq-cluster-operator-manager + namespace: {{ .OperatorNamespace }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: rabbitmq-cluster-operator + template: + metadata: + labels: + app.kubernetes.io/component: rabbitmq-operator + app.kubernetes.io/name: rabbitmq-cluster-operator + app.kubernetes.io/part-of: rabbitmq + spec: + containers: + - command: + - /manager + env: + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: {{ .RabbitmqImage }} + name: operator + ports: + - containerPort: 9782 + name: metrics + protocol: TCP + resources: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 5m + memory: 64Mi + serviceAccountName: rabbitmq-cluster-operator-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/config/operator/rbac/auth_proxy_client_clusterrole.yaml b/config/operator/rbac/auth_proxy_client_clusterrole.yaml new file mode 100644 index 000000000..4c35b21a7 --- /dev/null +++ b/config/operator/rbac/auth_proxy_client_clusterrole.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader-operator +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/operator/rbac/auth_proxy_role.yaml b/config/operator/rbac/auth_proxy_role.yaml new file mode 100644 index 000000000..cfbb8a4b5 --- /dev/null +++ b/config/operator/rbac/auth_proxy_role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: proxy-role-operator +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/operator/rbac/auth_proxy_role_binding.yaml b/config/operator/rbac/auth_proxy_role_binding.yaml new file mode 100644 index 000000000..440225c75 --- /dev/null +++ b/config/operator/rbac/auth_proxy_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: proxy-rolebinding-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: proxy-role-operator +subjects: +- kind: ServiceAccount + name: controller-operator + namespace: system diff --git a/config/operator/rbac/auth_proxy_service.yaml b/config/operator/rbac/auth_proxy_service.yaml new file mode 100644 index 000000000..36e384520 --- /dev/null +++ b/config/operator/rbac/auth_proxy_service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-operator + name: controller-operator-metrics-service-operator + namespace: system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + openstack.org/operator-name: openstack-operator diff --git a/config/operator/rbac/kustomization.yaml b/config/operator/rbac/kustomization.yaml new file mode 100644 index 000000000..731832a6a --- /dev/null +++ b/config/operator/rbac/kustomization.yaml @@ -0,0 +1,18 @@ +resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# Comment the following 4 lines if you want to disable +# the auth proxy (https://github.com/brancz/kube-rbac-proxy) +# which protects your /metrics endpoint. +- auth_proxy_service.yaml +- auth_proxy_role.yaml +- auth_proxy_role_binding.yaml +- auth_proxy_client_clusterrole.yaml diff --git a/config/operator/rbac/leader_election_role.yaml b/config/operator/rbac/leader_election_role.yaml new file mode 100644 index 000000000..78acf677e --- /dev/null +++ b/config/operator/rbac/leader_election_role.yaml @@ -0,0 +1,37 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role-operator +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/operator/rbac/leader_election_role_binding.yaml b/config/operator/rbac/leader_election_role_binding.yaml new file mode 100644 index 000000000..80e2f271c --- /dev/null +++ b/config/operator/rbac/leader_election_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: leader-election-rolebinding-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role-operator +subjects: +- kind: ServiceAccount + name: controller-operator + namespace: system diff --git a/config/operator/rbac/role.yaml b/config/operator/rbac/role.yaml new file mode 100644 index 000000000..09ccf9607 --- /dev/null +++ b/config/operator/rbac/role.yaml @@ -0,0 +1,114 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: operator-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - operator.openstack.org + resources: + - openstacks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.openstack.org + resources: + - openstacks/finalizers + verbs: + - update +- apiGroups: + - operator.openstack.org + resources: + - openstacks/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - '*' diff --git a/config/operator/rbac/role_binding.yaml b/config/operator/rbac/role_binding.yaml new file mode 100644 index 000000000..edc1eb232 --- /dev/null +++ b/config/operator/rbac/role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: operator-role +subjects: +- kind: ServiceAccount + name: controller-operator + namespace: system diff --git a/config/operator/rbac/service_account.yaml b/config/operator/rbac/service_account.yaml new file mode 100644 index 000000000..72275ca0d --- /dev/null +++ b/config/operator/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-operator + namespace: system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6a..e9c4ef55f 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,3 +1,13 @@ +# Adds namespace to all resources. +namespace: '{{ .OperatorNamespace }}' + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: openstack-operator- + resources: # All RBAC will be applied under this service account in # the deployment namespace. You may comment out this resource diff --git a/config/rbac/operator_openstack_editor_role.yaml b/config/rbac/operator_openstack_editor_role.yaml new file mode 100644 index 000000000..156bb0e38 --- /dev/null +++ b/config/rbac/operator_openstack_editor_role.yaml @@ -0,0 +1,31 @@ +# permissions for end users to edit openstacks. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: openstack-editor-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/part-of: openstack-operator + app.kubernetes.io/managed-by: kustomize + name: openstack-editor-role +rules: +- apiGroups: + - operator.openstack.org + resources: + - openstacks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.openstack.org + resources: + - openstacks/status + verbs: + - get diff --git a/config/rbac/operator_openstack_viewer_role.yaml b/config/rbac/operator_openstack_viewer_role.yaml new file mode 100644 index 000000000..6bef23cc0 --- /dev/null +++ b/config/rbac/operator_openstack_viewer_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to view openstacks. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: openstack-viewer-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: openstack-operator + app.kubernetes.io/part-of: openstack-operator + app.kubernetes.io/managed-by: kustomize + name: openstack-viewer-role +rules: +- apiGroups: + - operator.openstack.org + resources: + - openstacks + verbs: + - get + - list + - watch +- apiGroups: + - operator.openstack.org + resources: + - openstacks/status + verbs: + - get diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 19a4ea9ba..0a78c651a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -52,6 +52,12 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get - apiGroups: - "" resources: diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index df3f1ecbe..138d15b6b 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -3,10 +3,11 @@ # we do not have space for long examples here and want # to guide users to documentation instead resources: -- core_v1beta1_openstackcontrolplane_empty.yaml -- client_v1beta1_openstackclient_empty.yaml -- core_v1beta1_openstackversion_empty.yaml -- dataplane_v1beta1_openstackdataplanenodeset_empty.yaml -- dataplane_v1beta1_openstackdataplaneservice_empty.yaml -- dataplane_v1beta1_openstackdataplanedeployment_empty.yaml +#- core_v1beta1_openstackcontrolplane_empty.yaml +#- client_v1beta1_openstackclient_empty.yaml +#- core_v1beta1_openstackversion_empty.yaml +#- dataplane_v1beta1_openstackdataplanenodeset_empty.yaml +#- dataplane_v1beta1_openstackdataplaneservice_empty.yaml +#- dataplane_v1beta1_openstackdataplanedeployment_empty.yaml +- operator_v1beta1_openstack.yaml #+kubebuilder:scaffold:manifestskustomizesamples diff --git a/controllers/dataplane/openstackdataplanenodeset_controller.go b/controllers/dataplane/openstackdataplanenodeset_controller.go index 404f7776d..6b2418fed 100644 --- a/controllers/dataplane/openstackdataplanenodeset_controller.go +++ b/controllers/dataplane/openstackdataplanenodeset_controller.go @@ -107,6 +107,7 @@ func (r *OpenStackDataPlaneNodeSetReconciler) GetLogger(ctx context.Context) log // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update;patch // +kubebuilder:rbac:groups="security.openshift.io",resourceNames=anyuid,resources=securitycontextconstraints,verbs=use // +kubebuilder:rbac:groups="",resources=pods,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get // +kubebuilder:rbac:groups="",resources=projects,verbs=get // +kubebuilder:rbac:groups="project.openshift.io",resources=projects,verbs=get // +kubebuilder:rbac:groups="",resources=imagestreamimages,verbs=get;list;watch diff --git a/controllers/operator/openstack_controller.go b/controllers/operator/openstack_controller.go new file mode 100644 index 000000000..d6b6113be --- /dev/null +++ b/controllers/operator/openstack_controller.go @@ -0,0 +1,407 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package operator + +import ( + "context" + "fmt" + "os" + "path/filepath" + "sort" + "strings" + + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/kubernetes" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + "github.com/go-logr/logr" + condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + "github.com/openstack-k8s-operators/lib-common/modules/common/helper" + "github.com/openstack-k8s-operators/lib-common/modules/common/util" + operatorv1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/operator/v1beta1" + "github.com/openstack-k8s-operators/openstack-operator/pkg/operator/bindata" + "github.com/pkg/errors" + appsv1 "k8s.io/api/apps/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/log" +) + +const ( + OperatorCount = 22 +) + +// OpenStackReconciler reconciles a OpenStack object +type OpenStackReconciler struct { + client.Client + Scheme *runtime.Scheme + Kclient kubernetes.Interface +} + +// GetLog returns a logger object with a prefix of "controller.name" and aditional controller context fields +func (r *OpenStackReconciler) GetLogger(ctx context.Context) logr.Logger { + return log.FromContext(ctx).WithName("Controllers").WithName("OpenStackControlPlane") +} + +var ( + envRelatedOperatorImages (map[string]*string) // operatorName -> image + rabbitmqImage string + operatorImage string + openstackReleaseVersion string +) + +// SetupEnv - +func SetupEnv() { + envRelatedOperatorImages = make(map[string]*string) + for _, name := range os.Environ() { + envArr := strings.Split(name, "=") + + if strings.HasSuffix(envArr[0], "_OPERATOR_MANAGER_IMAGE_URL") { + operatorName := strings.TrimPrefix(envArr[0], "RELATED_IMAGE_") + operatorName = strings.TrimSuffix(operatorName, "_OPERATOR_MANAGER_IMAGE_URL") + operatorName = strings.ToLower(operatorName) + operatorName = strings.ReplaceAll(operatorName, "_", "-") + // rabbitmq-cluster is a special case with an alternate deployment template + if operatorName == "rabbitmq-cluster" { + rabbitmqImage = envArr[1] + } else { + envRelatedOperatorImages[operatorName] = &envArr[1] + } + log.Log.Info("Found operator related image", "operator", operatorName, "image", envArr[1]) + } else if envArr[0] == "OPERATOR_IMAGE_URL" { + operatorImage = envArr[1] + } else if envArr[0] == "OPENSTACK_RELEASE_VERSION" { + openstackReleaseVersion = envArr[1] + } + } +} + +//+kubebuilder:rbac:groups=operator.openstack.org,resources=openstacks,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=operator.openstack.org,resources=openstacks/status,verbs=get;update;patch +//+kubebuilder:rbac:groups=operator.openstack.org,resources=openstacks/finalizers,verbs=update +// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations;validatingwebhookconfigurations,verbs="*" +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings;rolebindings;roles,verbs="*" +// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources="*",verbs="*" +// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete; +// +kubebuilder:rbac:groups="",resources=serviceaccounts;configmaps;namespaces,verbs="*" +// +kubebuilder:rbac:groups=core,resources=services,verbs="*"; +// +kubebuilder:rbac:groups=cert-manager.io,resources=issuers,verbs=get;list;watch;create;update;patch;delete; +// +kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;list;watch;create;update;patch;delete; +// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=servicemonitors,verbs=list;get;watch;update;create + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.1/pkg/reconcile +func (r *OpenStackReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, _err error) { + Log := r.GetLogger(ctx) + + // Fetch the OpenStack instance + instanceList := &operatorv1beta1.OpenStackList{} + err := r.Client.List(ctx, instanceList, &client.ListOptions{}) + if err != nil { + return ctrl.Result{}, errors.Wrap(err, "failed listing all OpenStack instances") + } + instance := &operatorv1beta1.OpenStack{} + err = r.Client.Get(ctx, req.NamespacedName, instance) + if err != nil { + if apierrors.IsNotFound(err) { + // Request object not found, could have been deleted after reconcile req. + // Owned objects are automatically garbage collected. For additional cleanup logic use finalizers. + // Return and don't requeue + return ctrl.Result{}, nil + } + // Error reading the object - requeue the req. + return ctrl.Result{}, err + } + + versionHelper, err := helper.NewHelper( + instance, + r.Client, + r.Kclient, + r.Scheme, + Log, + ) + if err != nil { + Log.Error(err, "unable to create helper") + return ctrl.Result{}, err + } + + isNewInstance := instance.Status.Conditions == nil + if isNewInstance { + instance.Status.Conditions = condition.Conditions{} + } + + // Save a copy of the condtions so that we can restore the LastTransitionTime + // when a condition's state doesn't change. + savedConditions := instance.Status.Conditions.DeepCopy() + + // Always patch the instance status when exiting this function so we can persist any changes. + defer func() { + // update the Ready condition based on the sub conditions + if instance.Status.Conditions.AllSubConditionIsTrue() { + instance.Status.Conditions.MarkTrue( + condition.ReadyCondition, condition.ReadyMessage) + } else { + // something is not ready so reset the Ready condition + instance.Status.Conditions.MarkUnknown( + condition.ReadyCondition, condition.InitReason, condition.ReadyInitMessage) + // and recalculate it based on the state of the rest of the conditions + instance.Status.Conditions.Set( + instance.Status.Conditions.Mirror(condition.ReadyCondition)) + } + + condition.RestoreLastTransitionTimes( + &instance.Status.Conditions, savedConditions) + + err := versionHelper.PatchInstance(ctx, instance) + if err != nil { + _err = err + return + } + }() + + cl := condition.CreateList( + condition.UnknownCondition(operatorv1beta1.OpenStackOperatorReadyCondition, condition.InitReason, string(operatorv1beta1.OpenStackOperatorReadyInitMessage)), + ) + instance.Status.Conditions.Init(&cl) + instance.Status.ObservedGeneration = instance.Generation + + instance.Status.Conditions.Set(condition.FalseCondition( + operatorv1beta1.OpenStackOperatorReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + operatorv1beta1.OpenStackOperatorReadyRunningMessage)) + + // We only want one instance of OpenStack. Ignore anything after that. + if len(instanceList.Items) > 0 { + if len(instanceList.Items) > 1 { + sort.Slice(instanceList.Items, func(i, j int) bool { + return instanceList.Items[j].CreationTimestamp.After(instanceList.Items[i].CreationTimestamp.Time) + }) + } + if instanceList.Items[0].Name != req.Name { + Log.Info("Ignoring OpenStack.operator.openstack.org because one already exists and does not match existing name") + err = r.Client.Delete(ctx, instance, &client.DeleteOptions{}) + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + operatorv1beta1.OpenStackOperatorReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + operatorv1beta1.OpenStackOperatorErrorMessage, + err)) + Log.Error(err, "failed to remove OpenStack.operator.openstack.org instance") + } + return ctrl.Result{}, nil + } + } + + // TODO: cleanup obsolete resources here (remove old CSVs, etc) + /* + if err := r.cleanupObsoleteResources(ctx); err != nil { + return ctrl.Result{}, err + } + */ + + if err := r.applyManifests(ctx, instance); err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + operatorv1beta1.OpenStackOperatorReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + operatorv1beta1.OpenStackOperatorErrorMessage, + err)) + return ctrl.Result{}, err + } + + // Check if all deployments are running + deploymentsRunning, err := r.countDeployments(ctx, instance) + instance.Status.DeployedOperatorCount = &deploymentsRunning + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + operatorv1beta1.OpenStackOperatorReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + operatorv1beta1.OpenStackOperatorErrorMessage, + err)) + return ctrl.Result{}, err + } + if deploymentsRunning < OperatorCount { + Log.Info("Waiting for all deployments to be running", "current", deploymentsRunning, "expected", OperatorCount) + return ctrl.Result{}, nil + } + + instance.Status.Conditions.MarkTrue( + operatorv1beta1.OpenStackOperatorReadyCondition, + operatorv1beta1.OpenStackOperatorReadyMessage) + + Log.Info("Reconcile complete.") + return ctrl.Result{}, nil + +} + +// countDeployments - +func (r *OpenStackReconciler) countDeployments(ctx context.Context, instance *operatorv1beta1.OpenStack) (int, error) { + deployments := &appsv1.DeploymentList{} + err := r.Client.List(ctx, deployments, &client.ListOptions{Namespace: instance.Namespace}) + if err != nil { + return 0, err + } + + count := 0 + for _, deployment := range deployments.Items { + if metav1.IsControlledBy(&deployment, instance) { + if deployment.Status.ReadyReplicas > 0 { + count++ + } + } + } + return count, nil +} + +func (r *OpenStackReconciler) applyManifests(ctx context.Context, instance *operatorv1beta1.OpenStack) error { + if err := r.applyCRDs(ctx, instance); err != nil { + log.Log.Error(err, "failed applying CRD manifests") + return err + } + + if err := r.applyRBAC(ctx, instance); err != nil { + log.Log.Error(err, "failed applying RBAC manifests") + return err + } + + if err := r.applyOperator(ctx, instance); err != nil { + log.Log.Error(err, "failed applying Operator manifests") + return err + } + + return nil +} + +func (r *OpenStackReconciler) applyCRDs(ctx context.Context, instance *operatorv1beta1.OpenStack) error { + data := bindata.MakeRenderData() + return r.renderAndApply(ctx, instance, data, "crds", false) +} + +func (r *OpenStackReconciler) applyRBAC(ctx context.Context, instance *operatorv1beta1.OpenStack) error { + data := bindata.MakeRenderData() + data.Data["OperatorNamespace"] = instance.Namespace + return r.renderAndApply(ctx, instance, data, "rbac", false) +} + +func (r *OpenStackReconciler) applyOperator(ctx context.Context, instance *operatorv1beta1.OpenStack) error { + data := bindata.MakeRenderData() + data.Data["OperatorNamespace"] = instance.Namespace + data.Data["OperatorImages"] = envRelatedOperatorImages + data.Data["RabbitmqImage"] = rabbitmqImage + data.Data["OperatorImage"] = operatorImage + data.Data["OpenstackReleaseVersion"] = openstackReleaseVersion + return r.renderAndApply(ctx, instance, data, "operator", true) +} + +func (r *OpenStackReconciler) renderAndApply( + ctx context.Context, + instance *operatorv1beta1.OpenStack, + data bindata.RenderData, + sourceDirectory string, + setControllerReference bool, +) error { + var err error + + bindir := util.GetEnvVar("BASE_BINDATA", "/bindata") + + sourceFullDirectory := filepath.Join(bindir, sourceDirectory) + objs, err := bindata.RenderDir(sourceFullDirectory, &data) + if err != nil { + return errors.Wrapf(err, "failed to render openstack-operator - %s", sourceDirectory) + } + + // If no file found in directory - return error + if len(objs) == 0 { + return fmt.Errorf("no manifests rendered from %s", sourceFullDirectory) + } + + for _, obj := range objs { + // RenderDir seems to add an extra null entry to the list. It appears to be because of the + // nested templates. This just makes sure we don't try to apply an empty obj. + if obj.GetName() == "" { + continue + } + if setControllerReference { + // Set the controller reference. + if obj.GetNamespace() != "" { + log.Log.Info("Setting controller reference", "object", obj.GetName(), "controller", instance.Name) + err = controllerutil.SetControllerReference(instance, obj, r.Scheme) + if err != nil { + return errors.Wrap(err, "failed to set owner reference") + } + } else { + log.Log.Info("skipping controller reference (cluster scoped)", "object", obj.GetName(), "controller", instance.Name) + } + } + + // Now apply the object + err = bindata.ApplyObject(ctx, r.Client, obj) + if err != nil { + return errors.Wrapf(err, "failed to apply object %v", obj) + } + } + return nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *OpenStackReconciler) SetupWithManager(mgr ctrl.Manager) error { + + deploymentFunc := handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, o client.Object) []reconcile.Request { + Log := r.GetLogger(ctx) + + instanceList := &operatorv1beta1.OpenStackList{} + err := r.Client.List(ctx, instanceList) + if err != nil { + Log.Error(err, "Unable to retrieve OpenStack instances") + return nil + } + + if len(instanceList.Items) == 0 { + return nil + } + + instance := &instanceList.Items[0] + if metav1.IsControlledBy(o, instance) { + Log.Info("Reconcile request for OpenStack instance", "instance", instance.Name) + return []reconcile.Request{ + { + NamespacedName: client.ObjectKey{ + Namespace: instance.Namespace, + Name: instance.Name, + }, + }, + } + } + + return nil + }) + + return ctrl.NewControllerManagedBy(mgr). + Watches(&appsv1.Deployment{}, deploymentFunc). + For(&operatorv1beta1.OpenStack{}). + Complete(r) +} diff --git a/dependencies.yaml b/dependencies.yaml deleted file mode 100644 index d0b38a66e..000000000 --- a/dependencies.yaml +++ /dev/null @@ -1,81 +0,0 @@ -dependencies: - - type: olm.package - value: - packageName: rabbitmq-cluster-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: barbican-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: cinder-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: glance-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: horizon-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: heat-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: infra-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: ironic-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: keystone-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: manila-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: mariadb-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: neutron-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: nova-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: openstack-baremetal-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: ovn-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: placement-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: swift-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: telemetry-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: octavia-operator - version: ">=0.0.0" - - type: olm.package - value: - packageName: designate-operator - version: ">=0.0.0" diff --git a/go.mod b/go.mod index aca858239..456e6e787 100644 --- a/go.mod +++ b/go.mod @@ -39,6 +39,7 @@ require ( github.com/openstack-k8s-operators/swift-operator/api v0.5.1-0.20241217165548-b58a81dcbe9f github.com/openstack-k8s-operators/telemetry-operator/api v0.5.1-0.20241218005134-1df1718308d2 github.com/openstack-k8s-operators/test-operator/api v0.5.1-0.20241217155820-7797cdf07723 + github.com/pkg/errors v0.9.1 github.com/rabbitmq/cluster-operator/v2 v2.11.0 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 @@ -84,7 +85,6 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20241216113837-d172b3ac0f4e // indirect - github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.19.0 // indirect github.com/prometheus/client_model v0.6.0 // indirect github.com/prometheus/common v0.53.0 // indirect diff --git a/hack/export_operator_related_images.sh b/hack/export_operator_related_images.sh new file mode 100644 index 000000000..1ec34f306 --- /dev/null +++ b/hack/export_operator_related_images.sh @@ -0,0 +1,23 @@ +# NOTE: this file is automatically generated by hack/sync-bindata.sh! + +export RELATED_IMAGE_BARBICAN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/barbican-operator@sha256:3e35386664233c7e37f7e3065c728e42da558a9e58c1b9860a1c4a1a34775729 +export RELATED_IMAGE_CINDER_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/cinder-operator@sha256:b25b8c1d3f786804bd1f0e6e676d5630dc5403ab833a0a76de53068065dbdfbe +export RELATED_IMAGE_DESIGNATE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/designate-operator@sha256:2c5a9a05c99bcbf8bc72dd75d77dfcac294123aa3250b0ad38ec4972329eb874 +export RELATED_IMAGE_GLANCE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/glance-operator@sha256:4a5a408fc7bdc93e2859ac7d072a0030f3cb7936601d4be53f438d1adaee9a34 +export RELATED_IMAGE_HEAT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/heat-operator@sha256:1eddff80590df03b6a64e94c685f6e2a212a6f34a67beb7d2b324fdeb853c12c +export RELATED_IMAGE_HORIZON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/horizon-operator@sha256:3212104187d96591c869163da17f9ed364bacada0f304f4353b9700d748d1bae +export RELATED_IMAGE_INFRA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/infra-operator@sha256:237e3a17851c33b083d3c673c19e9fabaa728d6de42eb4fe028011da4fa33d04 +export RELATED_IMAGE_IRONIC_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/ironic-operator@sha256:2d12ec471465e831cf5b78546e69a6e5a037bf54fc9752740470d39a432599d9 +export RELATED_IMAGE_KEYSTONE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/keystone-operator@sha256:c918c6288793363a0a7bc8564f4d75c05ab5a3f88e140285e88cf25b24073d8b +export RELATED_IMAGE_MANILA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/manila-operator@sha256:d81e9204e74f797cf15fb531b9dc44a9c23d1d30621c9860faa08ae9ebccc032 +export RELATED_IMAGE_MARIADB_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/mariadb-operator@sha256:14e75a8608b568f0169ff698ebe2a70b2a429ac076b8603591455529a164b27b +export RELATED_IMAGE_NEUTRON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/neutron-operator@sha256:ba53ca6f9541a55f4a71c61d71123546a619f4787fc25ed91b00bc37fe55ac93 +export RELATED_IMAGE_NOVA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/nova-operator@sha256:9a1d7f3a928a16b0b8907ef92ab47dbeccff0e5860bed94f345c2393de3712d3 +export RELATED_IMAGE_OCTAVIA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/octavia-operator@sha256:7c594519b01f17c973bc96fea13d183c6ea650830570d5f7695a73148bcc65e7 +export RELATED_IMAGE_OPENSTACK_BAREMETAL_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:fba9276ef4c3fbf4671be6ea13586b3149cc08159fb353222c0bfbbe91d81a7c +export RELATED_IMAGE_OVN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/ovn-operator@sha256:eb3ceac834eaaa8c295e050615ba1c1bf9ac22b34bcc252b1f07799a906a2195 +export RELATED_IMAGE_PLACEMENT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/placement-operator@sha256:a8b90df9f7e511c52c13e729a69981018b9c5f559bc01870aaa9c0cb75370a19 +export RELATED_IMAGE_RABBITMQ_CLUSTER_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/rabbitmq-cluster-operator@sha256:225524223bf2a7f3a4ce95958fc9ca6fdab02745fb70374e8ff5bf1ddaceda4b +export RELATED_IMAGE_SWIFT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/swift-operator@sha256:bccf1bdbcb83cc96debdfdedb6ebde14081f88a37b2c894573c511e856d13ce1 +export RELATED_IMAGE_TELEMETRY_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/telemetry-operator@sha256:bb317539cb234c97160ec359ac761351377468b83f39079c85dc7a977fb1524e +export RELATED_IMAGE_TEST_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/test-operator@sha256:6098d9a34ec7f065c0039b132f5daedf5fc7e142f9114e46bb2b9778000fbf23 diff --git a/hack/sync-bindata.sh b/hack/sync-bindata.sh new file mode 100755 index 000000000..346974c52 --- /dev/null +++ b/hack/sync-bindata.sh @@ -0,0 +1,298 @@ +#!/bin/bash + +# extract select data from bundles: +# -CSV's +# -TODO: role data +set -ex + +OUT_DATA=bindata +EXTRACT_DIR=tmp/bindata + +mkdir -p "$EXTRACT_DIR" +mkdir -p "$OUT_DATA/crds" + +function extract_bundle { + local IN_DIR=$1 + local OUT_DIR=$2 + for X in $(file ${IN_DIR}/* | grep gzip | cut -f 1 -d ':'); do + tar xvf $X -C ${OUT_DIR}/; + done +} + + +function extract_webhooks { +local CSV_FILENAME=$1 +local OPERATOR_NAME=$2 +local TYPE=$3 + +cat $CSV_FILENAME | yq -r ".spec.webhookdefinitions.[] | select(.type == \"$TYPE\")" | \ + sed -e '/^containerPort:/d' | \ + sed -e '/^deploymentName:/d' | \ + sed -e '/^targetPort:/d' | \ + sed -e '/^type:/d' | \ + sed -e 's|^| |' | sed -e 's|.*admissionReviewVersions:|- admissionReviewVersions:|' | \ + sed -e 's|.*generateName:| name:|' | \ + sed -e 's| - v1| - v1|' | \ + sed -e "s|.*webhookPath:| clientConfig:\n service:\n name: ${OPERATOR_NAME}-webhook-service\n namespace: '{{ .OperatorNamespace }}'\n path:|" + +} + + +function write_webhooks { +local CSV_FILENAME=$1 +local OPERATOR_NAME=$2 + +MUTATING_WEBHOOKS=$(extract_webhooks "$CSV_FILENAME" "$OPERATOR_NAME" "MutatingAdmissionWebhook") +VALIDATING_WEBHOOKS=$(extract_webhooks "$CSV_FILENAME" "$OPERATOR_NAME" "ValidatingAdmissionWebhook") + +cat > operator/$OPERATOR_NAME-webhooks.yaml < rbac/$OPERATOR_NAME-rbac.yaml < ../config/operator/manager_operator_images.yaml < ../hack/export_operator_related_images.sh <> ../config/operator/manager_operator_images.yaml <> ../hack/export_operator_related_images.sh < 0 { + return errors.Errorf("cannot create ServiceAccount with secrets") + } + } + + return nil +} diff --git a/pkg/operator/bindata/render.go b/pkg/operator/bindata/render.go new file mode 100644 index 000000000..bb2ab5bbe --- /dev/null +++ b/pkg/operator/bindata/render.go @@ -0,0 +1,108 @@ +package bindata + +import ( + "bytes" + "io" + "os" + "path/filepath" + "strings" + "text/template" + + //sprig "github.com/go-task/slim-sprig/v3" + "github.com/pkg/errors" + + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/util/yaml" +) + +// RenderData - +type RenderData struct { + Funcs template.FuncMap + Data map[string]interface{} +} + +// MakeRenderData - +func MakeRenderData() RenderData { + return RenderData{ + Funcs: template.FuncMap{}, + Data: map[string]interface{}{}, + } +} + +// RenderDir will render all manifests in a directory, descending in to subdirectories +// It will perform template substitutions based on the data supplied by the RenderData +func RenderDir(manifestDir string, d *RenderData) ([]*unstructured.Unstructured, error) { + out := []*unstructured.Unstructured{} + + if err := filepath.Walk(manifestDir, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return nil + } + + // Skip non-manifest files + if !(strings.HasSuffix(path, ".yml") || strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".json")) { + return nil + } + + objs, err := RenderTemplate(path, d) + if err != nil { + return err + } + out = append(out, objs...) + return nil + }); err != nil { + return nil, errors.Wrap(err, "error rendering manifests") + } + + return out, nil +} + +// RenderTemplate reads, renders, and attempts to parse a yaml or +// json file representing one or more k8s api objects +func RenderTemplate(path string, d *RenderData) ([]*unstructured.Unstructured, error) { + tmpl := template.New(path).Option("missingkey=error") + if d.Funcs != nil { + tmpl.Funcs(d.Funcs) + } + + // Add universal functions + //tmpl.Funcs(sprig.TxtFuncMap()) + + source, err := os.ReadFile(path) + if err != nil { + return nil, errors.Wrapf(err, "failed to read manifest %s", path) + } + + if _, err := tmpl.Parse(string(source)); err != nil { + return nil, errors.Wrapf(err, "failed to parse manifest %s as template", path) + } + + rendered := bytes.Buffer{} + if err := tmpl.Execute(&rendered, d.Data); err != nil { + return nil, errors.Wrapf(err, "failed to render manifest %s", path) + } + + out := []*unstructured.Unstructured{} + + // special case - if the entire file is whitespace, skip + if len(strings.TrimSpace(rendered.String())) == 0 { + return out, nil + } + + decoder := yaml.NewYAMLOrJSONDecoder(&rendered, 4096) + for { + u := unstructured.Unstructured{} + if err := decoder.Decode(&u); err != nil { + if errors.Is(err, io.EOF) { + break + } + return nil, errors.Wrapf(err, "failed to unmarshal manifest %s", path) + } + out = append(out, &u) + } + + return out, nil +} diff --git a/renovate.json b/renovate.json index 135a73be4..6ece68d7a 100644 --- a/renovate.json +++ b/renovate.json @@ -11,7 +11,7 @@ } ], "postUpgradeTasks": { - "commands": ["make gowork", "make tidy", "make manifests generate"], + "commands": ["make gowork", "make tidy", "make manifests generate", "make bindata"], "fileFilters": ["**/go.mod", "**/go.sum", "**/*.go", "**/*.yaml"], "executionMode": "update" }